Convert barrier guard to MaD

I checked that without the model a test fails.
2026-02-11 20:51:06 +01:00 · 2026-01-09 15:15:53 +00:00
parent b30bc5ea44
commit 68b618176e
2 changed files with 5 additions and 21 deletions
--- a/csharp/ql/lib/ext/System.model.yml
+++ b/csharp/ql/lib/ext/System.model.yml
@@ -11,6 +11,11 @@ extensions:
      - ["System", "Environment", False, "get_CommandLine", "()", "", "ReturnValue", "commandargs", "manual"]
      - ["System", "Environment", False, "GetEnvironmentVariable", "", "", "ReturnValue", "environment", "manual"]
      - ["System", "Environment", False, "GetEnvironmentVariables", "", "", "ReturnValue", "environment", "manual"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: barrierGuardModel
+    data:
+      - ["System", "Uri", False, "get_IsAbsoluteUri", "()", "", "Argument[this]", "false", "url-redirection", "manual"]
  - addsTo:
      pack: codeql/csharp-all
      extensible: summaryModel
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll
@@ -165,27 +165,6 @@ class ContainsUrlSanitizer extends Sanitizer {
  }
 }

-/**
- * A check that the URL is relative, and therefore safe for URL redirects.
- */
-private predicate isRelativeUrlSanitizer(Guard guard, Expr e, GuardValue v) {
-  guard =
-    any(PropertyAccess access |
-      access.getProperty().hasFullyQualifiedName("System", "Uri", "IsAbsoluteUri") and
-      e = access.getQualifier() and
-      v.asBooleanValue() = false
-    )
-}
-
-/**
- * A check that the URL is relative, and therefore safe for URL redirects.
- */
-class RelativeUrlSanitizer extends Sanitizer {
-  RelativeUrlSanitizer() {
-    this = DataFlow::BarrierGuard<isRelativeUrlSanitizer/3>::getABarrierNode()
-  }
-}
-
 /**
 * A comparison on the `Host` property of a url, that is a sanitizer for URL redirects.
 * E.g. `url.Host == "example.org"`