diff --git a/csharp/ql/lib/ext/System.model.yml b/csharp/ql/lib/ext/System.model.yml index 870413e7569..963b37887ee 100644 --- a/csharp/ql/lib/ext/System.model.yml +++ b/csharp/ql/lib/ext/System.model.yml @@ -11,6 +11,11 @@ extensions: - ["System", "Environment", False, "get_CommandLine", "()", "", "ReturnValue", "commandargs", "manual"] - ["System", "Environment", False, "GetEnvironmentVariable", "", "", "ReturnValue", "environment", "manual"] - ["System", "Environment", False, "GetEnvironmentVariables", "", "", "ReturnValue", "environment", "manual"] + - addsTo: + pack: codeql/csharp-all + extensible: barrierGuardModel + data: + - ["System", "Uri", False, "get_IsAbsoluteUri", "()", "", "Argument[this]", "false", "url-redirection", "manual"] - addsTo: pack: codeql/csharp-all extensible: summaryModel diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll index 20a64e61d81..e7cbf237762 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UrlRedirectQuery.qll @@ -165,27 +165,6 @@ class ContainsUrlSanitizer extends Sanitizer { } } -/** - * A check that the URL is relative, and therefore safe for URL redirects. - */ -private predicate isRelativeUrlSanitizer(Guard guard, Expr e, GuardValue v) { - guard = - any(PropertyAccess access | - access.getProperty().hasFullyQualifiedName("System", "Uri", "IsAbsoluteUri") and - e = access.getQualifier() and - v.asBooleanValue() = false - ) -} - -/** - * A check that the URL is relative, and therefore safe for URL redirects. - */ -class RelativeUrlSanitizer extends Sanitizer { - RelativeUrlSanitizer() { - this = DataFlow::BarrierGuard::getABarrierNode() - } -} - /** * A comparison on the `Host` property of a url, that is a sanitizer for URL redirects. * E.g. `url.Host == "example.org"`