C#: Address review comments.

2026-04-30 03:05:15 +02:00 · 2019-01-22 16:49:35 +00:00
parent 63653cd0f7
commit 790db3ab67
3 changed files with 14 additions and 31 deletions
--- a/csharp/ql/src/semmle/code/csharp/dataflow/flowsources/Local.qll
+++ b/csharp/ql/src/semmle/code/csharp/dataflow/flowsources/Local.qll
@@ -16,9 +16,7 @@ abstract class LocalUserInputSource extends LocalFlowSource { }

 /** The text of a `TextBox`. */
 class TextFieldSource extends LocalUserInputSource {
-  TextFieldSource() {
-    this.asExpr() = any(TextControl control).getARead()
-  }
+  TextFieldSource() { this.asExpr() = any(TextControl control).getARead() }

  override string getSourceType() { result = "TextBox text" }
 }
--- a/csharp/ql/src/semmle/code/csharp/frameworks/system/windows/Forms.qll
+++ b/csharp/ql/src/semmle/code/csharp/frameworks/system/windows/Forms.qll
@@ -26,9 +26,7 @@ class SystemWindowsFormsHtmlElement extends SystemWindowsFormsClass {

 /** The `System.Windows.Forms.TextBoxBase` class. */
 class SystemWindowsFormsTextBoxBase extends SystemWindowsFormsClass {
-  SystemWindowsFormsTextBoxBase() {
-    this.hasName("TextBoxBase")
-  }
+  SystemWindowsFormsTextBoxBase() { this.hasName("TextBoxBase") }

  /** Gets the `Text` property. */
  Property getTextProperty() { result = this.getProperty("Text") }
@@ -36,9 +34,7 @@ class SystemWindowsFormsTextBoxBase extends SystemWindowsFormsClass {

 /** The `System.Windows.Forms.RichTextBox` class. */
 class SystemWindowsFormsRichTextBox extends SystemWindowsFormsClass {
-  SystemWindowsFormsRichTextBox() {
-    this.hasName("RichTextBox")
-  }
+  SystemWindowsFormsRichTextBox() { this.hasName("RichTextBox") }

  /** Gets the `Rtf` property. */
  Property getRtfProperty() { result = this.getProperty("Rtf") }
@@ -52,19 +48,15 @@ class SystemWindowsFormsRichTextBox extends SystemWindowsFormsClass {

 /** The `System.Windows.Forms.HtmlDocument` class. */
 class SystemWindowsFormsHtmlDocumentClass extends SystemWindowsFormsClass {
-  SystemWindowsFormsHtmlDocumentClass() {
-    this.hasName("HtmlDocument")
-  }
+  SystemWindowsFormsHtmlDocumentClass() { this.hasName("HtmlDocument") }

  /** Gets the `Write` method. */
-  Method getWriteMethod() { result = this.getAMethod() and result.hasName("Write") }  
+  Method getWriteMethod() { result = this.getAMethod("Write") }
 }

 /** The `System.Windows.Forms.WebBrowser` class. */
 class SystemWindowsFormsWebBrowserClass extends SystemWindowsFormsClass {
-  SystemWindowsFormsWebBrowserClass() {
-    this.hasName("WebBrowser")
-  }
+  SystemWindowsFormsWebBrowserClass() { this.hasName("WebBrowser") }

  /** Gets the `DocumentText` property. */
  Property getDocumentTextProperty() { result = this.getProperty("DocumentText") }
@@ -78,23 +70,19 @@ private class TextProperty extends Property {
      this = c.getSelectedRtfProperty()
    )
    or
-    exists(SystemWindowsFormsTextBoxBase tb |
-      this = tb.getTextProperty().getAnOverrider*()
-    )
+    exists(SystemWindowsFormsTextBoxBase tb | this = tb.getTextProperty().getAnOverrider*())
  }
 }

-/** A field that contains a text control. */
-class TextControl extends Field
-{
+/** A variable that contains a text control. */
+class TextControl extends Variable {
  TextControl() {
    this.getType().(ValueOrRefType).getBaseClass*() instanceof SystemWindowsFormsTextBoxBase
  }

  /** Gets a read of the text property. */
  PropertyRead getARead() {
-    result.getTarget() instanceof TextProperty
-    and
+    result.getTarget() instanceof TextProperty and
    result.getQualifier() = this.getAnAccess()
  }
 }
--- a/csharp/ql/src/semmle/code/csharp/security/SensitiveActions.qll
+++ b/csharp/ql/src/semmle/code/csharp/security/SensitiveActions.qll
@@ -137,20 +137,17 @@ class SensitiveVariableAccess extends SensitiveExpr, VariableAccess {

 /** Reading the `Text` property of a password text box. */
 class PasswordTextboxText extends SensitiveExpr, PropertyRead {
-  PasswordTextboxText() {
-    this = any(PasswordField p).getARead()
-  }
+  PasswordTextboxText() { this = any(PasswordField p).getARead() }
 }

 /** A field containing a text box used as a password. */
-class PasswordField extends TextControl
-{
+class PasswordField extends TextControl {
  PasswordField() {
    isSuspicious(this.getName())
    or
    exists(PropertyWrite write | write.getQualifier() = this.getAnAccess() |
-        write.getTarget().getName() = "UseSystemPasswordChar" or
-        write.getTarget().getName() = "PasswordChar"
+      write.getTarget().getName() = "UseSystemPasswordChar" or
+      write.getTarget().getName() = "PasswordChar"
    )
  }
 }