mirror of
https://github.com/github/codeql.git
synced 2025-12-20 10:46:30 +01:00
Merge pull request #4606 from hvitved/csharp/dataflow/ef
C#: Precise data flow for EntityFramework(Core)
This commit is contained in:
Tom Hvitved
@@ -8,6 +8,7 @@ private import internal.FlowSummarySpecific::Private
|
|||||||
private import internal.DataFlowPublic as DataFlowPublic
|
private import internal.DataFlowPublic as DataFlowPublic
|
||||||
// import all instances below
|
// import all instances below
|
||||||
private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
|
private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
|
||||||
|
private import semmle.code.csharp.frameworks.EntityFramework
|
||||||
|
|
||||||
class SummarizableCallable = Impl::Public::SummarizableCallable;
|
class SummarizableCallable = Impl::Public::SummarizableCallable;
|
||||||
|
|
||||||
@@ -135,6 +136,17 @@ module SummaryOutput {
|
|||||||
result = TDelegateSummaryOutput(i, j) and
|
result = TDelegateSummaryOutput(i, j) and
|
||||||
hasDelegateArgumentPosition2(c, i, j)
|
hasDelegateArgumentPosition2(c, i, j)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Gets an output specification that specifies the `output` of `target` as the
|
||||||
|
* output. That is, data will flow into one callable and out of another callable
|
||||||
|
* (`target`).
|
||||||
|
*
|
||||||
|
* `output` is limited to (this) parameters and ordinary returns.
|
||||||
|
*/
|
||||||
|
SummaryOutput jump(SummarizableCallable target, SummaryOutput output) {
|
||||||
|
result = TJumpSummaryOutput(target, toReturnKind(output))
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
class SummarizedCallable = Impl::Public::SummarizedCallable;
|
class SummarizedCallable = Impl::Public::SummarizedCallable;
|
||||||
|
|||||||
@@ -21,6 +21,9 @@ DotNet::Callable getCallableForDataFlow(DotNet::Callable c) {
|
|||||||
result = sourceDecl and
|
result = sourceDecl and
|
||||||
result instanceof SummarizedCallable
|
result instanceof SummarizedCallable
|
||||||
or
|
or
|
||||||
|
result = sourceDecl and
|
||||||
|
FlowSummaryImpl::Private::summary(_, _, _, SummaryOutput::jump(result, _), _, _)
|
||||||
|
or
|
||||||
result.hasBody() and
|
result.hasBody() and
|
||||||
if sourceDecl.getFile().fromSource()
|
if sourceDecl.getFile().fromSource()
|
||||||
then
|
then
|
||||||
|
|||||||
@@ -469,12 +469,9 @@ private predicate overridesOrImplementsSourceDecl(Property p1, Property p2) {
|
|||||||
private predicate fieldOrPropertyRead(Expr e1, Content c, FieldOrPropertyRead e2) {
|
private predicate fieldOrPropertyRead(Expr e1, Content c, FieldOrPropertyRead e2) {
|
||||||
e1 = e2.getQualifier() and
|
e1 = e2.getQualifier() and
|
||||||
exists(FieldOrProperty ret | c = ret.getContent() |
|
exists(FieldOrProperty ret | c = ret.getContent() |
|
||||||
ret.isFieldLike() and
|
|
||||||
ret = e2.getTarget()
|
ret = e2.getTarget()
|
||||||
or
|
or
|
||||||
exists(ContentList cl, Property target |
|
exists(Property target |
|
||||||
FlowSummaryImpl::Private::summary(_, _, _, _, cl, _) and
|
|
||||||
cl.contains(ret.getContent()) and
|
|
||||||
target.getGetter() = e2.(PropertyCall).getARuntimeTarget() and
|
target.getGetter() = e2.(PropertyCall).getARuntimeTarget() and
|
||||||
overridesOrImplementsSourceDecl(target, ret)
|
overridesOrImplementsSourceDecl(target, ret)
|
||||||
)
|
)
|
||||||
@@ -640,6 +637,10 @@ private module Cached {
|
|||||||
output = SummaryOutput::delegate(delegateIndex, parameterIndex)
|
output = SummaryOutput::delegate(delegateIndex, parameterIndex)
|
||||||
)
|
)
|
||||||
} or
|
} or
|
||||||
|
TSummaryJumpNode(SummarizedCallable c, SummarizableCallable target, ReturnKind rk) {
|
||||||
|
FlowSummaryImpl::Private::summary(c, _, _,
|
||||||
|
FlowSummarySpecific::Private::TJumpSummaryOutput(target, rk), _, _)
|
||||||
|
} or
|
||||||
TParamsArgumentNode(ControlFlow::Node callCfn) {
|
TParamsArgumentNode(ControlFlow::Node callCfn) {
|
||||||
callCfn = any(Call c | isParamsArg(c, _, _)).getAControlFlowNode()
|
callCfn = any(Call c | isParamsArg(c, _, _)).getAControlFlowNode()
|
||||||
}
|
}
|
||||||
@@ -685,8 +686,19 @@ private module Cached {
|
|||||||
* taken into account.
|
* taken into account.
|
||||||
*/
|
*/
|
||||||
cached
|
cached
|
||||||
predicate jumpStepImpl(ExprNode pred, ExprNode succ) {
|
predicate jumpStepImpl(Node pred, Node succ) {
|
||||||
pred.(NonLocalJumpNode).getAJumpSuccessor(true) = succ
|
pred.(NonLocalJumpNode).getAJumpSuccessor(true) = succ
|
||||||
|
or
|
||||||
|
exists(FieldOrProperty fl, FieldOrPropertyRead flr |
|
||||||
|
fl.isStatic() and
|
||||||
|
fl.isFieldLike() and
|
||||||
|
fl.getAnAssignedValue() = pred.asExpr() and
|
||||||
|
fl.getAnAccess() = flr and
|
||||||
|
flr = succ.asExpr() and
|
||||||
|
flr.hasNonlocalValue()
|
||||||
|
)
|
||||||
|
or
|
||||||
|
succ = pred.(SummaryJumpNode).getAJumpTarget()
|
||||||
}
|
}
|
||||||
|
|
||||||
cached
|
cached
|
||||||
@@ -1613,6 +1625,28 @@ private class SummaryInternalNode extends SummaryNodeImpl, TSummaryInternalNode
|
|||||||
override string toStringImpl() { result = "[summary] " + state + " in " + c }
|
override string toStringImpl() { result = "[summary] " + state + " in " + c }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** A data-flow node used to model flow summaries with jumps. */
|
||||||
|
private class SummaryJumpNode extends SummaryNodeImpl, TSummaryJumpNode {
|
||||||
|
private SummarizedCallable c;
|
||||||
|
private SummarizableCallable target;
|
||||||
|
private ReturnKind rk;
|
||||||
|
|
||||||
|
SummaryJumpNode() { this = TSummaryJumpNode(c, target, rk) }
|
||||||
|
|
||||||
|
/** Gets a jump target of this node. */
|
||||||
|
OutNode getAJumpTarget() { target = viableCallable(result.getCall(rk)) }
|
||||||
|
|
||||||
|
override Callable getEnclosingCallableImpl() { result = c }
|
||||||
|
|
||||||
|
override DotNet::Type getTypeImpl() { result = target.getReturnType() }
|
||||||
|
|
||||||
|
override ControlFlow::Node getControlFlowNodeImpl() { none() }
|
||||||
|
|
||||||
|
override Location getLocationImpl() { result = c.getLocation() }
|
||||||
|
|
||||||
|
override string toStringImpl() { result = "[summary] jump to " + target }
|
||||||
|
}
|
||||||
|
|
||||||
/** A field or a property. */
|
/** A field or a property. */
|
||||||
class FieldOrProperty extends Assignable, Modifiable {
|
class FieldOrProperty extends Assignable, Modifiable {
|
||||||
FieldOrProperty() {
|
FieldOrProperty() {
|
||||||
@@ -1669,26 +1703,6 @@ private class FieldOrPropertyRead extends FieldOrPropertyAccess, AssignableRead
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** A write to a static field/property. */
|
|
||||||
private class StaticFieldLikeJumpNode extends NonLocalJumpNode, ExprNode {
|
|
||||||
FieldOrProperty fl;
|
|
||||||
FieldOrPropertyRead flr;
|
|
||||||
ExprNode succ;
|
|
||||||
|
|
||||||
StaticFieldLikeJumpNode() {
|
|
||||||
fl.isStatic() and
|
|
||||||
fl.isFieldLike() and
|
|
||||||
fl.getAnAssignedValue() = this.getExpr() and
|
|
||||||
fl.getAnAccess() = flr and
|
|
||||||
flr = succ.getExpr() and
|
|
||||||
flr.hasNonlocalValue()
|
|
||||||
}
|
|
||||||
|
|
||||||
override ExprNode getAJumpSuccessor(boolean preservesValue) {
|
|
||||||
result = succ and preservesValue = true
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
predicate jumpStep = jumpStepImpl/2;
|
predicate jumpStep = jumpStepImpl/2;
|
||||||
|
|
||||||
private class StoreStepConfiguration extends ControlFlowReachabilityConfiguration {
|
private class StoreStepConfiguration extends ControlFlowReachabilityConfiguration {
|
||||||
|
|||||||
@@ -4,13 +4,13 @@
|
|||||||
|
|
||||||
private import csharp
|
private import csharp
|
||||||
private import semmle.code.csharp.frameworks.system.linq.Expressions
|
private import semmle.code.csharp.frameworks.system.linq.Expressions
|
||||||
|
private import DataFlowDispatch
|
||||||
|
|
||||||
module Private {
|
module Private {
|
||||||
private import Public
|
private import Public
|
||||||
private import DataFlowPrivate as DataFlowPrivate
|
private import DataFlowPrivate as DataFlowPrivate
|
||||||
private import DataFlowPublic as DataFlowPublic
|
private import DataFlowPublic as DataFlowPublic
|
||||||
private import FlowSummaryImpl as Impl
|
private import FlowSummaryImpl as Impl
|
||||||
private import DataFlowDispatch
|
|
||||||
private import semmle.code.csharp.Unification
|
private import semmle.code.csharp.Unification
|
||||||
|
|
||||||
class Content = DataFlowPublic::Content;
|
class Content = DataFlowPublic::Content;
|
||||||
@@ -56,7 +56,19 @@ module Private {
|
|||||||
TParameterSummaryOutput(int i) {
|
TParameterSummaryOutput(int i) {
|
||||||
i in [-1, any(SummarizableCallable c).getAParameter().getPosition()]
|
i in [-1, any(SummarizableCallable c).getAParameter().getPosition()]
|
||||||
} or
|
} or
|
||||||
TDelegateSummaryOutput(int i, int j) { hasDelegateArgumentPosition2(_, i, j) }
|
TDelegateSummaryOutput(int i, int j) { hasDelegateArgumentPosition2(_, i, j) } or
|
||||||
|
TJumpSummaryOutput(SummarizableCallable target, ReturnKind rk) {
|
||||||
|
rk instanceof NormalReturnKind and
|
||||||
|
(
|
||||||
|
target instanceof Constructor or
|
||||||
|
not target.getReturnType() instanceof VoidType
|
||||||
|
)
|
||||||
|
or
|
||||||
|
rk instanceof QualifierReturnKind and
|
||||||
|
not target.(Modifiable).isStatic()
|
||||||
|
or
|
||||||
|
exists(target.getParameter(rk.(OutRefReturnKind).getPosition()))
|
||||||
|
}
|
||||||
|
|
||||||
/** Gets the return kind that matches `sink`, if any. */
|
/** Gets the return kind that matches `sink`, if any. */
|
||||||
ReturnKind toReturnKind(SummaryOutput output) {
|
ReturnKind toReturnKind(SummaryOutput output) {
|
||||||
@@ -92,6 +104,11 @@ module Private {
|
|||||||
output = TDelegateSummaryOutput(i, j) and
|
output = TDelegateSummaryOutput(i, j) and
|
||||||
result = DataFlowPrivate::TSummaryDelegateArgumentNode(c, i, j)
|
result = DataFlowPrivate::TSummaryDelegateArgumentNode(c, i, j)
|
||||||
)
|
)
|
||||||
|
or
|
||||||
|
exists(SummarizableCallable target, ReturnKind rk |
|
||||||
|
output = TJumpSummaryOutput(target, rk) and
|
||||||
|
result = DataFlowPrivate::TSummaryJumpNode(c, target, rk)
|
||||||
|
)
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Gets the internal summary node for the given values. */
|
/** Gets the internal summary node for the given values. */
|
||||||
@@ -151,6 +168,11 @@ module Public {
|
|||||||
this = TDelegateSummaryOutput(delegateIndex, parameterIndex) and
|
this = TDelegateSummaryOutput(delegateIndex, parameterIndex) and
|
||||||
result = "parameter " + parameterIndex + " of delegate parameter " + delegateIndex
|
result = "parameter " + parameterIndex + " of delegate parameter " + delegateIndex
|
||||||
)
|
)
|
||||||
|
or
|
||||||
|
exists(SummarizableCallable target, ReturnKind rk |
|
||||||
|
this = TJumpSummaryOutput(target, rk) and
|
||||||
|
result = "jump to " + target + " (" + rk + ")"
|
||||||
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,17 +3,19 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
import csharp
|
import csharp
|
||||||
|
private import DataFlow
|
||||||
|
private import semmle.code.csharp.frameworks.System
|
||||||
private import semmle.code.csharp.frameworks.system.data.Entity
|
private import semmle.code.csharp.frameworks.system.data.Entity
|
||||||
private import semmle.code.csharp.frameworks.system.collections.Generic
|
private import semmle.code.csharp.frameworks.system.collections.Generic
|
||||||
private import semmle.code.csharp.frameworks.Sql
|
private import semmle.code.csharp.frameworks.Sql
|
||||||
private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
|
private import semmle.code.csharp.dataflow.FlowSummary
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Definitions relating to the `System.ComponentModel.DataAnnotations`
|
* Definitions relating to the `System.ComponentModel.DataAnnotations`
|
||||||
* namespace.
|
* namespace.
|
||||||
*/
|
*/
|
||||||
module DataAnnotations {
|
module DataAnnotations {
|
||||||
/** Class for `NotMappedAttribute`. */
|
/** The `NotMappedAttribute` attribute. */
|
||||||
class NotMappedAttribute extends Attribute {
|
class NotMappedAttribute extends Attribute {
|
||||||
NotMappedAttribute() {
|
NotMappedAttribute() {
|
||||||
this
|
this
|
||||||
@@ -23,6 +25,11 @@ module DataAnnotations {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Holds if `a` has the `[NotMapped]` attribute */
|
||||||
|
private predicate isNotMapped(Attributable a) {
|
||||||
|
a.getAnAttribute() instanceof DataAnnotations::NotMappedAttribute
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Definitions relating to the `Microsoft.EntityFrameworkCore` or
|
* Definitions relating to the `Microsoft.EntityFrameworkCore` or
|
||||||
* `System.Data.Entity` namespaces.
|
* `System.Data.Entity` namespaces.
|
||||||
@@ -66,6 +73,41 @@ module EntityFramework {
|
|||||||
/** The class `Microsoft.EntityFrameworkCore.DbSet<>` or `System.Data.Entity.DbSet<>`. */
|
/** The class `Microsoft.EntityFrameworkCore.DbSet<>` or `System.Data.Entity.DbSet<>`. */
|
||||||
class DbSet extends EFClass, UnboundGenericClass {
|
class DbSet extends EFClass, UnboundGenericClass {
|
||||||
DbSet() { this.getName() = "DbSet<>" }
|
DbSet() { this.getName() = "DbSet<>" }
|
||||||
|
|
||||||
|
/** Gets a method that adds or updates entities in a DB set. */
|
||||||
|
SummarizableMethod getAnAddOrUpdateMethod(boolean range) {
|
||||||
|
exists(string name | result = this.getAMethod(name) |
|
||||||
|
name in ["Add", "AddAsync", "Attach", "Update"] and
|
||||||
|
range = false
|
||||||
|
or
|
||||||
|
name in ["AddRange", "AddRangeAsync", "AttachRange", "UpdateRange"] and
|
||||||
|
range = true
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/** A flow summary for EntityFramework. */
|
||||||
|
abstract class EFSummarizedCallable extends SummarizedCallable { }
|
||||||
|
|
||||||
|
private class DbSetAddOrUpdate extends EFSummarizedCallable {
|
||||||
|
private boolean range;
|
||||||
|
|
||||||
|
DbSetAddOrUpdate() { this = any(DbSet c).getAnAddOrUpdateMethod(range) }
|
||||||
|
|
||||||
|
override predicate propagatesFlow(
|
||||||
|
SummaryInput input, ContentList inputContents, SummaryOutput output,
|
||||||
|
ContentList outputContents, boolean preservesValue
|
||||||
|
) {
|
||||||
|
input = SummaryInput::parameter(0) and
|
||||||
|
(
|
||||||
|
if range = true
|
||||||
|
then inputContents = ContentList::element()
|
||||||
|
else inputContents = ContentList::empty()
|
||||||
|
) and
|
||||||
|
output = SummaryOutput::thisParameter() and
|
||||||
|
outputContents = ContentList::element() and
|
||||||
|
preservesValue = true
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** The class `Microsoft.EntityFrameworkCore.DbQuery<>` or `System.Data.Entity.DbQuery<>`. */
|
/** The class `Microsoft.EntityFrameworkCore.DbQuery<>` or `System.Data.Entity.DbQuery<>`. */
|
||||||
@@ -107,29 +149,14 @@ module EntityFramework {
|
|||||||
MappedProperty() {
|
MappedProperty() {
|
||||||
this = any(MappedType t).getAMember() and
|
this = any(MappedType t).getAMember() and
|
||||||
this.isPublic() and
|
this.isPublic() and
|
||||||
not this.getAnAttribute() instanceof DataAnnotations::NotMappedAttribute
|
not isNotMapped(this)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/** The struct `Microsoft.EntityFrameworkCore.RawSqlString`. */
|
/** The struct `Microsoft.EntityFrameworkCore.RawSqlString`. */
|
||||||
class RawSqlStringStruct extends Struct, LibraryTypeDataFlow {
|
private class RawSqlStringStruct extends Struct {
|
||||||
RawSqlStringStruct() { this.getQualifiedName() = "Microsoft.EntityFrameworkCore.RawSqlString" }
|
RawSqlStringStruct() { this.getQualifiedName() = "Microsoft.EntityFrameworkCore.RawSqlString" }
|
||||||
|
|
||||||
override predicate callableFlow(
|
|
||||||
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
|
|
||||||
boolean preservesValue
|
|
||||||
) {
|
|
||||||
c = this.getAConstructor() and
|
|
||||||
source.(CallableFlowSourceArg).getArgumentIndex() = 0 and
|
|
||||||
sink instanceof CallableFlowSinkReturn and
|
|
||||||
preservesValue = false
|
|
||||||
or
|
|
||||||
c = this.getAConversionTo() and
|
|
||||||
source.(CallableFlowSourceArg).getArgumentIndex() = 0 and
|
|
||||||
sink instanceof CallableFlowSinkReturn and
|
|
||||||
preservesValue = false
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Gets a conversion operator from `string` to `RawSqlString`. */
|
/** Gets a conversion operator from `string` to `RawSqlString`. */
|
||||||
ConversionOperator getAConversionTo() {
|
ConversionOperator getAConversionTo() {
|
||||||
result = this.getAMember() and
|
result = this.getAMember() and
|
||||||
@@ -138,6 +165,35 @@ module EntityFramework {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private class RawSqlStringSummarizedCallable extends EFSummarizedCallable {
|
||||||
|
private SummaryInput input_;
|
||||||
|
private SummaryOutput output_;
|
||||||
|
private boolean preservesValue_;
|
||||||
|
|
||||||
|
RawSqlStringSummarizedCallable() {
|
||||||
|
exists(RawSqlStringStruct s |
|
||||||
|
this = s.getAConstructor() and
|
||||||
|
input_ = SummaryInput::parameter(0) and
|
||||||
|
this.getNumberOfParameters() > 0 and
|
||||||
|
output_ = SummaryOutput::return() and
|
||||||
|
preservesValue_ = false
|
||||||
|
or
|
||||||
|
this = s.getAConversionTo() and
|
||||||
|
input_ = SummaryInput::parameter(0) and
|
||||||
|
output_ = SummaryOutput::return() and
|
||||||
|
preservesValue_ = false
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate propagatesFlow(
|
||||||
|
SummaryInput input, SummaryOutput output, boolean preservesValue
|
||||||
|
) {
|
||||||
|
input = input_ and
|
||||||
|
output = output_ and
|
||||||
|
preservesValue = preservesValue_
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A parameter that accepts raw SQL. Parameters of type `System.FormattableString`
|
* A parameter that accepts raw SQL. Parameters of type `System.FormattableString`
|
||||||
* are not included as they are not vulnerable to SQL injection.
|
* are not included as they are not vulnerable to SQL injection.
|
||||||
@@ -192,18 +248,183 @@ module EntityFramework {
|
|||||||
override Expr getSql() { result = this.getArgumentForName("sql") }
|
override Expr getSql() { result = this.getArgumentForName("sql") }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Holds if `t` is compatible with a DB column type. */
|
||||||
|
private predicate isColumnType(Type t) {
|
||||||
|
t instanceof SimpleType
|
||||||
|
or
|
||||||
|
t instanceof StringType
|
||||||
|
or
|
||||||
|
t instanceof Enum
|
||||||
|
or
|
||||||
|
t instanceof SystemDateTimeStruct
|
||||||
|
or
|
||||||
|
isColumnType(t.(NullableType).getUnderlyingType())
|
||||||
|
}
|
||||||
|
|
||||||
|
/** A DB Context. */
|
||||||
|
private class DbContextClass extends Class {
|
||||||
|
DbContextClass() { this.getBaseClass*().getSourceDeclaration() instanceof DbContext }
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* A dataflow node whereby data flows from a property write to a property read
|
* Gets a `DbSet<elementType>` property belonging to this DB context.
|
||||||
* via some database. The assumption is that all writes can flow to all reads.
|
*
|
||||||
|
* For example `Persons` with `elementType = Person` in
|
||||||
|
*
|
||||||
|
* ```csharp
|
||||||
|
* class MyContext : DbContext
|
||||||
|
* {
|
||||||
|
* public virtual DbSet<Person> Persons { get; set; }
|
||||||
|
* public virtual DbSet<Address> Addresses { get; set; }
|
||||||
|
* }
|
||||||
|
* ```
|
||||||
*/
|
*/
|
||||||
class MappedPropertyJumpNode extends DataFlow::NonLocalJumpNode {
|
private Property getADbSetProperty(Class elementType) {
|
||||||
MappedProperty property;
|
exists(ConstructedClass c |
|
||||||
|
result.getType() = c and
|
||||||
|
c.getSourceDeclaration() instanceof DbSet and
|
||||||
|
elementType = c.getTypeArgument(0) and
|
||||||
|
this.hasMember(any(Property p | result = p.getSourceDeclaration())) and
|
||||||
|
not isNotMapped([result.(Attributable), elementType])
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
MappedPropertyJumpNode() { this.asExpr() = property.getAnAssignedValue() }
|
/**
|
||||||
|
* Holds if `[c2, c1]` is part of a valid access path starting from a `DbSet<T>`
|
||||||
|
* property belonging to this DB context. `t1` is the type of `c1` and `t2` is
|
||||||
|
* the type of `c2`.
|
||||||
|
*
|
||||||
|
* If `t2` is a column type, `c2` will be included in the model (see
|
||||||
|
* https://docs.microsoft.com/en-us/ef/core/modeling/entity-types?tabs=data-annotations).
|
||||||
|
*/
|
||||||
|
private predicate step(Content c1, Type t1, Content c2, Type t2) {
|
||||||
|
exists(Property p1 |
|
||||||
|
p1 = this.getADbSetProperty(t2) and
|
||||||
|
c1.(PropertyContent).getProperty() = p1 and
|
||||||
|
t1 = p1.getType() and
|
||||||
|
c2 instanceof ElementContent
|
||||||
|
)
|
||||||
|
or
|
||||||
|
step(_, _, c1, t1) and
|
||||||
|
not isNotMapped(t2) and
|
||||||
|
(
|
||||||
|
// Navigation property (https://docs.microsoft.com/en-us/ef/ef6/fundamentals/relationships)
|
||||||
|
exists(Property p2 |
|
||||||
|
p2.getDeclaringType().(Class) = t1 and
|
||||||
|
not isColumnType(t1) and
|
||||||
|
c2.(PropertyContent).getProperty() = p2 and
|
||||||
|
t2 = p2.getType() and
|
||||||
|
not isNotMapped(p2)
|
||||||
|
)
|
||||||
|
or
|
||||||
|
exists(ConstructedInterface ci |
|
||||||
|
c1 instanceof PropertyContent and
|
||||||
|
t1.(ValueOrRefType).getABaseType*() = ci and
|
||||||
|
not t1 instanceof StringType and
|
||||||
|
ci.getSourceDeclaration() instanceof SystemCollectionsGenericIEnumerableTInterface and
|
||||||
|
c2 instanceof ElementContent and
|
||||||
|
t2 = ci.getTypeArgument(0)
|
||||||
|
)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {
|
/**
|
||||||
result.asExpr().(PropertyRead).getTarget() = property and
|
* Gets a property belonging to the model of this DB context, which is mapped
|
||||||
preservesValue = false
|
* directly to a column in the underlying DB.
|
||||||
|
*
|
||||||
|
* For example the `Name` and `Id` properties of `Person`, but not `Title`
|
||||||
|
* as it is explicitly unmapped, in
|
||||||
|
*
|
||||||
|
* ```csharp
|
||||||
|
* class Person
|
||||||
|
* {
|
||||||
|
* public int Id { get; set; }
|
||||||
|
* public string Name { get; set; }
|
||||||
|
*
|
||||||
|
* [NotMapped]
|
||||||
|
* public string Title { get; set; }
|
||||||
|
* }
|
||||||
|
*
|
||||||
|
* class MyContext : DbContext
|
||||||
|
* {
|
||||||
|
* public virtual DbSet<Person> Persons { get; set; }
|
||||||
|
* public virtual DbSet<Address> Addresses { get; set; }
|
||||||
|
* }
|
||||||
|
* ```
|
||||||
|
*/
|
||||||
|
private Property getAColumnProperty() {
|
||||||
|
exists(PropertyContent c, Type t |
|
||||||
|
this.step(_, _, c, t) and
|
||||||
|
c.getProperty() = result and
|
||||||
|
isColumnType(t)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Gets a `SaveChanges[Async]` method. */
|
||||||
|
pragma[nomagic]
|
||||||
|
SummarizableMethod getASaveChanges() {
|
||||||
|
this.hasMethod(result) and
|
||||||
|
result.getName().matches("SaveChanges%")
|
||||||
|
}
|
||||||
|
|
||||||
|
/** Holds if content list `head :: tail` is required. */
|
||||||
|
predicate requiresContentList(
|
||||||
|
Content head, Type headType, ContentList tail, Type tailType, Property last
|
||||||
|
) {
|
||||||
|
exists(PropertyContent p |
|
||||||
|
last = this.getAColumnProperty() and
|
||||||
|
p.getProperty() = last and
|
||||||
|
tail = ContentList::singleton(p) and
|
||||||
|
this.step(head, headType, p, tailType)
|
||||||
|
)
|
||||||
|
or
|
||||||
|
exists(Content tailHead, ContentList tailTail |
|
||||||
|
this.requiresContentList(tailHead, tailType, tailTail, _, last) and
|
||||||
|
tail = ContentList::cons(tailHead, tailTail) and
|
||||||
|
this.step(head, headType, tailHead, tailType)
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the access path obtained by concatenating `head` onto `tail`
|
||||||
|
* is a path from `dbSet` (which is a `DbSet<T>` property belonging to
|
||||||
|
* this DB context) to `last`, which is a property that is mapped directly
|
||||||
|
* to a column in the underlying DB.
|
||||||
|
*/
|
||||||
|
pragma[noinline]
|
||||||
|
predicate pathFromDbSetToDbProperty(
|
||||||
|
Property dbSet, PropertyContent head, ContentList tail, Property last
|
||||||
|
) {
|
||||||
|
this.requiresContentList(head, _, tail, _, last) and
|
||||||
|
head.getProperty() = dbSet and
|
||||||
|
dbSet = this.getADbSetProperty(_)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private class DbContextSaveChanges extends EFSummarizedCallable {
|
||||||
|
private DbContextClass c;
|
||||||
|
|
||||||
|
DbContextSaveChanges() { this = c.getASaveChanges() }
|
||||||
|
|
||||||
|
override predicate requiresContentList(Content head, ContentList tail) {
|
||||||
|
c.requiresContentList(head, _, tail, _, _)
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate propagatesFlow(
|
||||||
|
SummaryInput input, ContentList inputContents, SummaryOutput output,
|
||||||
|
ContentList outputContents, boolean preservesValue
|
||||||
|
) {
|
||||||
|
exists(Property mapped |
|
||||||
|
preservesValue = true and
|
||||||
|
exists(PropertyContent sourceHead, ContentList sourceTail |
|
||||||
|
input = SummaryInput::thisParameter() and
|
||||||
|
c.pathFromDbSetToDbProperty(_, sourceHead, sourceTail, mapped) and
|
||||||
|
inputContents = ContentList::cons(sourceHead, sourceTail)
|
||||||
|
) and
|
||||||
|
exists(Property dbSetProp |
|
||||||
|
output = SummaryOutput::jump(dbSetProp.getGetter(), SummaryOutput::return()) and
|
||||||
|
c.pathFromDbSetToDbProperty(dbSetProp, _, outputContents, mapped)
|
||||||
|
)
|
||||||
|
)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -729,3 +729,8 @@ class SystemGuid extends SystemStruct {
|
|||||||
class SystemNotImplementedExceptionClass extends SystemClass {
|
class SystemNotImplementedExceptionClass extends SystemClass {
|
||||||
SystemNotImplementedExceptionClass() { this.hasName("NotImplementedException") }
|
SystemNotImplementedExceptionClass() { this.hasName("NotImplementedException") }
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** The `System.DateTime` struct. */
|
||||||
|
class SystemDateTimeStruct extends SystemStruct {
|
||||||
|
SystemDateTimeStruct() { this.hasName("DateTime") }
|
||||||
|
}
|
||||||
|
|||||||
@@ -1,7 +1,355 @@
|
|||||||
| EntityFramework.cs:52:18:52:24 | access to property Name | EntityFramework.cs:47:34:47:42 | "tainted" |
|
edges
|
||||||
| EntityFramework.cs:53:18:53:34 | access to property Name | EntityFramework.cs:47:34:47:42 | "tainted" |
|
| EntityFramework.cs:61:13:64:13 | { ..., ... } [Name] : String | EntityFramework.cs:68:29:68:30 | access to local variable p1 [Name] : String |
|
||||||
| EntityFrameworkCore.cs:50:18:50:28 | access to local variable taintSource | EntityFrameworkCore.cs:47:31:47:39 | "tainted" |
|
| EntityFramework.cs:63:24:63:32 | "tainted" : String | EntityFramework.cs:61:13:64:13 | { ..., ... } [Name] : String |
|
||||||
| EntityFrameworkCore.cs:51:18:51:46 | (...) ... | EntityFrameworkCore.cs:47:31:47:39 | "tainted" |
|
| EntityFramework.cs:68:13:68:15 | [post] access to local variable ctx [Persons, [], Name] : String | EntityFramework.cs:70:13:70:15 | access to local variable ctx [Persons, [], Name] : String |
|
||||||
| EntityFrameworkCore.cs:52:18:52:42 | (...) ... | EntityFrameworkCore.cs:47:31:47:39 | "tainted" |
|
| EntityFramework.cs:68:13:68:23 | [post] access to property Persons [[], Name] : String | EntityFramework.cs:68:13:68:15 | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
| EntityFrameworkCore.cs:60:18:60:24 | access to property Name | EntityFrameworkCore.cs:47:31:47:39 | "tainted" |
|
| EntityFramework.cs:68:29:68:30 | access to local variable p1 [Name] : String | EntityFramework.cs:68:13:68:23 | [post] access to property Persons [[], Name] : String |
|
||||||
| EntityFrameworkCore.cs:61:18:61:34 | access to property Name | EntityFrameworkCore.cs:47:31:47:39 | "tainted" |
|
| EntityFramework.cs:70:13:70:15 | access to local variable ctx [Persons, [], Name] : String | EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:83:13:86:13 | { ..., ... } [Name] : String | EntityFramework.cs:90:29:90:30 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:85:24:85:32 | "tainted" : String | EntityFramework.cs:83:13:86:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:90:13:90:15 | [post] access to local variable ctx [Persons, [], Name] : String | EntityFramework.cs:92:19:92:21 | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:90:13:90:23 | [post] access to property Persons [[], Name] : String | EntityFramework.cs:90:13:90:15 | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:90:29:90:30 | access to local variable p1 [Name] : String | EntityFramework.cs:90:13:90:23 | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:92:19:92:21 | access to local variable ctx [Persons, [], Name] : String | EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:105:13:108:13 | { ..., ... } [Name] : String | EntityFramework.cs:111:27:111:28 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:107:24:107:32 | "tainted" : String | EntityFramework.cs:105:13:108:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:111:27:111:28 | access to local variable p1 [Name] : String | EntityFramework.cs:195:35:195:35 | p [Name] : String |
|
||||||
|
| EntityFramework.cs:124:13:127:13 | { ..., ... } [Title] : String | EntityFramework.cs:131:18:131:19 | access to local variable p1 [Title] : String |
|
||||||
|
| EntityFramework.cs:126:25:126:33 | "tainted" : String | EntityFramework.cs:124:13:127:13 | { ..., ... } [Title] : String |
|
||||||
|
| EntityFramework.cs:131:18:131:19 | access to local variable p1 [Title] : String | EntityFramework.cs:131:18:131:25 | access to property Title |
|
||||||
|
| EntityFramework.cs:143:13:150:13 | { ..., ... } [Addresses, [], Street] : String | EntityFramework.cs:151:29:151:30 | access to local variable p1 [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:144:29:149:17 | array creation of type Address[] [[], Street] : String | EntityFramework.cs:143:13:150:13 | { ..., ... } [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:144:35:149:17 | { ..., ... } [[], Street] : String | EntityFramework.cs:144:29:149:17 | array creation of type Address[] [[], Street] : String |
|
||||||
|
| EntityFramework.cs:145:21:148:21 | object creation of type Address [Street] : String | EntityFramework.cs:144:35:149:17 | { ..., ... } [[], Street] : String |
|
||||||
|
| EntityFramework.cs:145:33:148:21 | { ..., ... } [Street] : String | EntityFramework.cs:145:21:148:21 | object creation of type Address [Street] : String |
|
||||||
|
| EntityFramework.cs:147:34:147:42 | "tainted" : String | EntityFramework.cs:145:33:148:21 | { ..., ... } [Street] : String |
|
||||||
|
| EntityFramework.cs:151:13:151:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:152:13:152:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:13:151:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:156:13:156:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:13:151:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:164:13:164:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:13:151:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:168:13:168:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:13:151:23 | [post] access to property Persons [[], Addresses, [], Street] : String | EntityFramework.cs:151:13:151:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:29:151:30 | access to local variable p1 [Addresses, [], Street] : String | EntityFramework.cs:151:13:151:23 | [post] access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:152:13:152:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:152:13:152:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:156:13:156:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:156:13:156:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:159:13:162:13 | { ..., ... } [Street] : String | EntityFramework.cs:163:31:163:32 | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFramework.cs:161:26:161:34 | "tainted" : String | EntityFramework.cs:159:13:162:13 | { ..., ... } [Street] : String |
|
||||||
|
| EntityFramework.cs:163:13:163:15 | [post] access to local variable ctx [Addresses, [], Street] : String | EntityFramework.cs:164:13:164:15 | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:163:13:163:15 | [post] access to local variable ctx [Addresses, [], Street] : String | EntityFramework.cs:168:13:168:15 | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:163:13:163:25 | [post] access to property Addresses [[], Street] : String | EntityFramework.cs:163:13:163:15 | [post] access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:163:31:163:32 | access to local variable a1 [Street] : String | EntityFramework.cs:163:13:163:25 | [post] access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:164:13:164:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:164:13:164:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:164:13:164:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:164:13:164:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:168:13:168:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:168:13:168:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:168:13:168:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:168:13:168:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:175:13:178:13 | { ..., ... } [Name] : String | EntityFramework.cs:184:71:184:72 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:177:24:177:32 | "tainted" : String | EntityFramework.cs:175:13:178:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:180:13:183:13 | { ..., ... } [Street] : String | EntityFramework.cs:184:85:184:86 | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFramework.cs:182:26:182:34 | "tainted" : String | EntityFramework.cs:180:13:183:13 | { ..., ... } [Street] : String |
|
||||||
|
| EntityFramework.cs:184:60:184:88 | { ..., ... } [Address, Street] : String | EntityFramework.cs:185:37:185:53 | access to local variable personAddressMap1 [Address, Street] : String |
|
||||||
|
| EntityFramework.cs:184:60:184:88 | { ..., ... } [Person, Name] : String | EntityFramework.cs:185:37:185:53 | access to local variable personAddressMap1 [Person, Name] : String |
|
||||||
|
| EntityFramework.cs:184:71:184:72 | access to local variable p1 [Name] : String | EntityFramework.cs:184:60:184:88 | { ..., ... } [Person, Name] : String |
|
||||||
|
| EntityFramework.cs:184:85:184:86 | access to local variable a1 [Street] : String | EntityFramework.cs:184:60:184:88 | { ..., ... } [Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:31 | [post] access to property PersonAddresses [[], Address, Street] : String | EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:31 | [post] access to property PersonAddresses [[], Person, Name] : String | EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:185:37:185:53 | access to local variable personAddressMap1 [Address, Street] : String | EntityFramework.cs:185:13:185:31 | [post] access to property PersonAddresses [[], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:37:185:53 | access to local variable personAddressMap1 [Person, Name] : String | EntityFramework.cs:185:13:185:31 | [post] access to property PersonAddresses [[], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:195:35:195:35 | p [Name] : String | EntityFramework.cs:198:29:198:29 | access to parameter p [Name] : String |
|
||||||
|
| EntityFramework.cs:198:13:198:15 | [post] access to local variable ctx [Persons, [], Name] : String | EntityFramework.cs:199:13:199:15 | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:198:13:198:23 | [post] access to property Persons [[], Name] : String | EntityFramework.cs:198:13:198:15 | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:198:29:198:29 | access to parameter p [Name] : String | EntityFramework.cs:198:13:198:23 | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:199:13:199:15 | access to local variable ctx [Persons, [], Name] : String | EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String | EntityFramework.cs:206:18:206:36 | call to method First [Name] : String |
|
||||||
|
| EntityFramework.cs:206:18:206:36 | call to method First [Name] : String | EntityFramework.cs:206:18:206:41 | access to property Name |
|
||||||
|
| EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String | EntityFramework.cs:214:18:214:38 | call to method First [Street] : String |
|
||||||
|
| EntityFramework.cs:214:18:214:38 | call to method First [Street] : String | EntityFramework.cs:214:18:214:45 | access to property Street |
|
||||||
|
| EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String | EntityFramework.cs:221:18:221:36 | call to method First [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:36 | call to method First [Addresses, [], Street] : String | EntityFramework.cs:221:18:221:46 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:46 | access to property Addresses [[], Street] : String | EntityFramework.cs:221:18:221:54 | call to method First [Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:54 | call to method First [Street] : String | EntityFramework.cs:221:18:221:61 | access to property Street |
|
||||||
|
| EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | EntityFrameworkCore.cs:76:18:76:28 | access to local variable taintSource |
|
||||||
|
| EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | EntityFrameworkCore.cs:77:35:77:45 | access to local variable taintSource : String |
|
||||||
|
| EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | EntityFrameworkCore.cs:78:32:78:42 | access to local variable taintSource : String |
|
||||||
|
| EntityFrameworkCore.cs:77:18:77:46 | object creation of type RawSqlString : RawSqlString | EntityFrameworkCore.cs:77:18:77:46 | (...) ... |
|
||||||
|
| EntityFrameworkCore.cs:77:35:77:45 | access to local variable taintSource : String | EntityFrameworkCore.cs:77:18:77:46 | object creation of type RawSqlString : RawSqlString |
|
||||||
|
| EntityFrameworkCore.cs:78:18:78:42 | call to operator implicit conversion : RawSqlString | EntityFrameworkCore.cs:78:18:78:42 | (...) ... |
|
||||||
|
| EntityFrameworkCore.cs:78:32:78:42 | access to local variable taintSource : String | EntityFrameworkCore.cs:78:18:78:42 | call to operator implicit conversion : RawSqlString |
|
||||||
|
| EntityFrameworkCore.cs:85:13:88:13 | { ..., ... } [Name] : String | EntityFrameworkCore.cs:92:29:92:30 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:87:24:87:32 | "tainted" : String | EntityFrameworkCore.cs:85:13:88:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:92:13:92:15 | [post] access to local variable ctx [Persons, [], Name] : String | EntityFrameworkCore.cs:94:13:94:15 | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:92:13:92:23 | [post] access to property Persons [[], Name] : String | EntityFrameworkCore.cs:92:13:92:15 | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:92:29:92:30 | access to local variable p1 [Name] : String | EntityFrameworkCore.cs:92:13:92:23 | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:94:13:94:15 | access to local variable ctx [Persons, [], Name] : String | EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:107:13:110:13 | { ..., ... } [Name] : String | EntityFrameworkCore.cs:114:29:114:30 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:109:24:109:32 | "tainted" : String | EntityFrameworkCore.cs:107:13:110:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:114:13:114:15 | [post] access to local variable ctx [Persons, [], Name] : String | EntityFrameworkCore.cs:116:19:116:21 | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:114:13:114:23 | [post] access to property Persons [[], Name] : String | EntityFrameworkCore.cs:114:13:114:15 | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:114:29:114:30 | access to local variable p1 [Name] : String | EntityFrameworkCore.cs:114:13:114:23 | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:116:19:116:21 | access to local variable ctx [Persons, [], Name] : String | EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:129:13:132:13 | { ..., ... } [Name] : String | EntityFrameworkCore.cs:135:27:135:28 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:131:24:131:32 | "tainted" : String | EntityFrameworkCore.cs:129:13:132:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:135:27:135:28 | access to local variable p1 [Name] : String | EntityFrameworkCore.cs:219:35:219:35 | p [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:148:13:151:13 | { ..., ... } [Title] : String | EntityFrameworkCore.cs:155:18:155:19 | access to local variable p1 [Title] : String |
|
||||||
|
| EntityFrameworkCore.cs:150:25:150:33 | "tainted" : String | EntityFrameworkCore.cs:148:13:151:13 | { ..., ... } [Title] : String |
|
||||||
|
| EntityFrameworkCore.cs:155:18:155:19 | access to local variable p1 [Title] : String | EntityFrameworkCore.cs:155:18:155:25 | access to property Title |
|
||||||
|
| EntityFrameworkCore.cs:167:13:174:13 | { ..., ... } [Addresses, [], Street] : String | EntityFrameworkCore.cs:175:29:175:30 | access to local variable p1 [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:168:29:173:17 | array creation of type Address[] [[], Street] : String | EntityFrameworkCore.cs:167:13:174:13 | { ..., ... } [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:168:35:173:17 | { ..., ... } [[], Street] : String | EntityFrameworkCore.cs:168:29:173:17 | array creation of type Address[] [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:169:21:172:21 | object creation of type Address [Street] : String | EntityFrameworkCore.cs:168:35:173:17 | { ..., ... } [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:169:33:172:21 | { ..., ... } [Street] : String | EntityFrameworkCore.cs:169:21:172:21 | object creation of type Address [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:171:34:171:42 | "tainted" : String | EntityFrameworkCore.cs:169:33:172:21 | { ..., ... } [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:176:13:176:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:180:13:180:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:23 | [post] access to property Persons [[], Addresses, [], Street] : String | EntityFrameworkCore.cs:175:13:175:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:29:175:30 | access to local variable p1 [Addresses, [], Street] : String | EntityFrameworkCore.cs:175:13:175:23 | [post] access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:176:13:176:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:176:13:176:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:180:13:180:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:180:13:180:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:183:13:186:13 | { ..., ... } [Street] : String | EntityFrameworkCore.cs:187:31:187:32 | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:185:26:185:34 | "tainted" : String | EntityFrameworkCore.cs:183:13:186:13 | { ..., ... } [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:187:13:187:15 | [post] access to local variable ctx [Addresses, [], Street] : String | EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:187:13:187:15 | [post] access to local variable ctx [Addresses, [], Street] : String | EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:187:13:187:25 | [post] access to property Addresses [[], Street] : String | EntityFrameworkCore.cs:187:13:187:15 | [post] access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:187:31:187:32 | access to local variable a1 [Street] : String | EntityFrameworkCore.cs:187:13:187:25 | [post] access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:199:13:202:13 | { ..., ... } [Name] : String | EntityFrameworkCore.cs:208:71:208:72 | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:201:24:201:32 | "tainted" : String | EntityFrameworkCore.cs:199:13:202:13 | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:204:13:207:13 | { ..., ... } [Street] : String | EntityFrameworkCore.cs:208:85:208:86 | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:206:26:206:34 | "tainted" : String | EntityFrameworkCore.cs:204:13:207:13 | { ..., ... } [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:60:208:88 | { ..., ... } [Address, Street] : String | EntityFrameworkCore.cs:209:37:209:53 | access to local variable personAddressMap1 [Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:60:208:88 | { ..., ... } [Person, Name] : String | EntityFrameworkCore.cs:209:37:209:53 | access to local variable personAddressMap1 [Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:71:208:72 | access to local variable p1 [Name] : String | EntityFrameworkCore.cs:208:60:208:88 | { ..., ... } [Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:85:208:86 | access to local variable a1 [Street] : String | EntityFrameworkCore.cs:208:60:208:88 | { ..., ... } [Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:31 | [post] access to property PersonAddresses [[], Address, Street] : String | EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:31 | [post] access to property PersonAddresses [[], Person, Name] : String | EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:37:209:53 | access to local variable personAddressMap1 [Address, Street] : String | EntityFrameworkCore.cs:209:13:209:31 | [post] access to property PersonAddresses [[], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:37:209:53 | access to local variable personAddressMap1 [Person, Name] : String | EntityFrameworkCore.cs:209:13:209:31 | [post] access to property PersonAddresses [[], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:219:35:219:35 | p [Name] : String | EntityFrameworkCore.cs:222:29:222:29 | access to parameter p [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:222:13:222:15 | [post] access to local variable ctx [Persons, [], Name] : String | EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:222:13:222:23 | [post] access to property Persons [[], Name] : String | EntityFrameworkCore.cs:222:13:222:15 | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:222:29:222:29 | access to parameter p [Name] : String | EntityFrameworkCore.cs:222:13:222:23 | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx [Persons, [], Name] : String | EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String | EntityFrameworkCore.cs:230:18:230:36 | call to method First [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:36 | call to method First [Name] : String | EntityFrameworkCore.cs:230:18:230:41 | access to property Name |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String | EntityFrameworkCore.cs:238:18:238:38 | call to method First [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:38 | call to method First [Street] : String | EntityFrameworkCore.cs:238:18:238:45 | access to property Street |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:36 | call to method First [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:36 | call to method First [Addresses, [], Street] : String | EntityFrameworkCore.cs:245:18:245:46 | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:46 | access to property Addresses [[], Street] : String | EntityFrameworkCore.cs:245:18:245:54 | call to method First [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:54 | call to method First [Street] : String | EntityFrameworkCore.cs:245:18:245:61 | access to property Street |
|
||||||
|
nodes
|
||||||
|
| EntityFramework.cs:61:13:64:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:63:24:63:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:68:13:68:15 | [post] access to local variable ctx [Persons, [], Name] : String | semmle.label | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:68:13:68:23 | [post] access to property Persons [[], Name] : String | semmle.label | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:68:29:68:30 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:70:13:70:15 | access to local variable ctx [Persons, [], Name] : String | semmle.label | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:83:13:86:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:85:24:85:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:90:13:90:15 | [post] access to local variable ctx [Persons, [], Name] : String | semmle.label | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:90:13:90:23 | [post] access to property Persons [[], Name] : String | semmle.label | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:90:29:90:30 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:92:19:92:21 | access to local variable ctx [Persons, [], Name] : String | semmle.label | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:105:13:108:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:107:24:107:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:111:27:111:28 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:124:13:127:13 | { ..., ... } [Title] : String | semmle.label | { ..., ... } [Title] : String |
|
||||||
|
| EntityFramework.cs:126:25:126:33 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:131:18:131:19 | access to local variable p1 [Title] : String | semmle.label | access to local variable p1 [Title] : String |
|
||||||
|
| EntityFramework.cs:131:18:131:25 | access to property Title | semmle.label | access to property Title |
|
||||||
|
| EntityFramework.cs:143:13:150:13 | { ..., ... } [Addresses, [], Street] : String | semmle.label | { ..., ... } [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:144:29:149:17 | array creation of type Address[] [[], Street] : String | semmle.label | array creation of type Address[] [[], Street] : String |
|
||||||
|
| EntityFramework.cs:144:35:149:17 | { ..., ... } [[], Street] : String | semmle.label | { ..., ... } [[], Street] : String |
|
||||||
|
| EntityFramework.cs:145:21:148:21 | object creation of type Address [Street] : String | semmle.label | object creation of type Address [Street] : String |
|
||||||
|
| EntityFramework.cs:145:33:148:21 | { ..., ... } [Street] : String | semmle.label | { ..., ... } [Street] : String |
|
||||||
|
| EntityFramework.cs:147:34:147:42 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:151:13:151:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:13:151:23 | [post] access to property Persons [[], Addresses, [], Street] : String | semmle.label | [post] access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:151:29:151:30 | access to local variable p1 [Addresses, [], Street] : String | semmle.label | access to local variable p1 [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:152:13:152:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:156:13:156:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:159:13:162:13 | { ..., ... } [Street] : String | semmle.label | { ..., ... } [Street] : String |
|
||||||
|
| EntityFramework.cs:161:26:161:34 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:163:13:163:15 | [post] access to local variable ctx [Addresses, [], Street] : String | semmle.label | [post] access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:163:13:163:25 | [post] access to property Addresses [[], Street] : String | semmle.label | [post] access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:163:31:163:32 | access to local variable a1 [Street] : String | semmle.label | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFramework.cs:164:13:164:15 | access to local variable ctx [Addresses, [], Street] : String | semmle.label | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:164:13:164:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:168:13:168:15 | access to local variable ctx [Addresses, [], Street] : String | semmle.label | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:168:13:168:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:175:13:178:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFramework.cs:177:24:177:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:180:13:183:13 | { ..., ... } [Street] : String | semmle.label | { ..., ... } [Street] : String |
|
||||||
|
| EntityFramework.cs:182:26:182:34 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFramework.cs:184:60:184:88 | { ..., ... } [Address, Street] : String | semmle.label | { ..., ... } [Address, Street] : String |
|
||||||
|
| EntityFramework.cs:184:60:184:88 | { ..., ... } [Person, Name] : String | semmle.label | { ..., ... } [Person, Name] : String |
|
||||||
|
| EntityFramework.cs:184:71:184:72 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFramework.cs:184:85:184:86 | access to local variable a1 [Street] : String | semmle.label | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String | semmle.label | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String | semmle.label | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:31 | [post] access to property PersonAddresses [[], Address, Street] : String | semmle.label | [post] access to property PersonAddresses [[], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:13:185:31 | [post] access to property PersonAddresses [[], Person, Name] : String | semmle.label | [post] access to property PersonAddresses [[], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:185:37:185:53 | access to local variable personAddressMap1 [Address, Street] : String | semmle.label | access to local variable personAddressMap1 [Address, Street] : String |
|
||||||
|
| EntityFramework.cs:185:37:185:53 | access to local variable personAddressMap1 [Person, Name] : String | semmle.label | access to local variable personAddressMap1 [Person, Name] : String |
|
||||||
|
| EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:186:13:186:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFramework.cs:192:13:192:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFramework.cs:195:35:195:35 | p [Name] : String | semmle.label | p [Name] : String |
|
||||||
|
| EntityFramework.cs:198:13:198:15 | [post] access to local variable ctx [Persons, [], Name] : String | semmle.label | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:198:13:198:23 | [post] access to property Persons [[], Name] : String | semmle.label | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:198:29:198:29 | access to parameter p [Name] : String | semmle.label | access to parameter p [Name] : String |
|
||||||
|
| EntityFramework.cs:199:13:199:15 | access to local variable ctx [Persons, [], Name] : String | semmle.label | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFramework.cs:206:18:206:28 | access to property Persons [[], Name] : String | semmle.label | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFramework.cs:206:18:206:36 | call to method First [Name] : String | semmle.label | call to method First [Name] : String |
|
||||||
|
| EntityFramework.cs:206:18:206:41 | access to property Name | semmle.label | access to property Name |
|
||||||
|
| EntityFramework.cs:214:18:214:30 | access to property Addresses [[], Street] : String | semmle.label | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:214:18:214:38 | call to method First [Street] : String | semmle.label | call to method First [Street] : String |
|
||||||
|
| EntityFramework.cs:214:18:214:45 | access to property Street | semmle.label | access to property Street |
|
||||||
|
| EntityFramework.cs:221:18:221:28 | access to property Persons [[], Addresses, [], Street] : String | semmle.label | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:36 | call to method First [Addresses, [], Street] : String | semmle.label | call to method First [Addresses, [], Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:46 | access to property Addresses [[], Street] : String | semmle.label | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:54 | call to method First [Street] : String | semmle.label | call to method First [Street] : String |
|
||||||
|
| EntityFramework.cs:221:18:221:61 | access to property Street | semmle.label | access to property Street |
|
||||||
|
| EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:76:18:76:28 | access to local variable taintSource | semmle.label | access to local variable taintSource |
|
||||||
|
| EntityFrameworkCore.cs:77:18:77:46 | (...) ... | semmle.label | (...) ... |
|
||||||
|
| EntityFrameworkCore.cs:77:18:77:46 | object creation of type RawSqlString : RawSqlString | semmle.label | object creation of type RawSqlString : RawSqlString |
|
||||||
|
| EntityFrameworkCore.cs:77:35:77:45 | access to local variable taintSource : String | semmle.label | access to local variable taintSource : String |
|
||||||
|
| EntityFrameworkCore.cs:78:18:78:42 | (...) ... | semmle.label | (...) ... |
|
||||||
|
| EntityFrameworkCore.cs:78:18:78:42 | call to operator implicit conversion : RawSqlString | semmle.label | call to operator implicit conversion : RawSqlString |
|
||||||
|
| EntityFrameworkCore.cs:78:32:78:42 | access to local variable taintSource : String | semmle.label | access to local variable taintSource : String |
|
||||||
|
| EntityFrameworkCore.cs:85:13:88:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:87:24:87:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:92:13:92:15 | [post] access to local variable ctx [Persons, [], Name] : String | semmle.label | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:92:13:92:23 | [post] access to property Persons [[], Name] : String | semmle.label | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:92:29:92:30 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:94:13:94:15 | access to local variable ctx [Persons, [], Name] : String | semmle.label | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:107:13:110:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:109:24:109:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:114:13:114:15 | [post] access to local variable ctx [Persons, [], Name] : String | semmle.label | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:114:13:114:23 | [post] access to property Persons [[], Name] : String | semmle.label | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:114:29:114:30 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:116:19:116:21 | access to local variable ctx [Persons, [], Name] : String | semmle.label | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:129:13:132:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:131:24:131:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:135:27:135:28 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:148:13:151:13 | { ..., ... } [Title] : String | semmle.label | { ..., ... } [Title] : String |
|
||||||
|
| EntityFrameworkCore.cs:150:25:150:33 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:155:18:155:19 | access to local variable p1 [Title] : String | semmle.label | access to local variable p1 [Title] : String |
|
||||||
|
| EntityFrameworkCore.cs:155:18:155:25 | access to property Title | semmle.label | access to property Title |
|
||||||
|
| EntityFrameworkCore.cs:167:13:174:13 | { ..., ... } [Addresses, [], Street] : String | semmle.label | { ..., ... } [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:168:29:173:17 | array creation of type Address[] [[], Street] : String | semmle.label | array creation of type Address[] [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:168:35:173:17 | { ..., ... } [[], Street] : String | semmle.label | { ..., ... } [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:169:21:172:21 | object creation of type Address [Street] : String | semmle.label | object creation of type Address [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:169:33:172:21 | { ..., ... } [Street] : String | semmle.label | { ..., ... } [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:171:34:171:42 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:15 | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | [post] access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:13:175:23 | [post] access to property Persons [[], Addresses, [], Street] : String | semmle.label | [post] access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:175:29:175:30 | access to local variable p1 [Addresses, [], Street] : String | semmle.label | access to local variable p1 [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:176:13:176:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:180:13:180:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:183:13:186:13 | { ..., ... } [Street] : String | semmle.label | { ..., ... } [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:185:26:185:34 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:187:13:187:15 | [post] access to local variable ctx [Addresses, [], Street] : String | semmle.label | [post] access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:187:13:187:25 | [post] access to property Addresses [[], Street] : String | semmle.label | [post] access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:187:31:187:32 | access to local variable a1 [Street] : String | semmle.label | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Addresses, [], Street] : String | semmle.label | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:188:13:188:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Addresses, [], Street] : String | semmle.label | access to local variable ctx [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:192:13:192:15 | access to local variable ctx [Persons, [], Addresses, [], Street] : String | semmle.label | access to local variable ctx [Persons, [], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:199:13:202:13 | { ..., ... } [Name] : String | semmle.label | { ..., ... } [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:201:24:201:32 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:204:13:207:13 | { ..., ... } [Street] : String | semmle.label | { ..., ... } [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:206:26:206:34 | "tainted" : String | semmle.label | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:208:60:208:88 | { ..., ... } [Address, Street] : String | semmle.label | { ..., ... } [Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:60:208:88 | { ..., ... } [Person, Name] : String | semmle.label | { ..., ... } [Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:71:208:72 | access to local variable p1 [Name] : String | semmle.label | access to local variable p1 [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:208:85:208:86 | access to local variable a1 [Street] : String | semmle.label | access to local variable a1 [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String | semmle.label | [post] access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:15 | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String | semmle.label | [post] access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:31 | [post] access to property PersonAddresses [[], Address, Street] : String | semmle.label | [post] access to property PersonAddresses [[], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:13:209:31 | [post] access to property PersonAddresses [[], Person, Name] : String | semmle.label | [post] access to property PersonAddresses [[], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:37:209:53 | access to local variable personAddressMap1 [Address, Street] : String | semmle.label | access to local variable personAddressMap1 [Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:209:37:209:53 | access to local variable personAddressMap1 [Person, Name] : String | semmle.label | access to local variable personAddressMap1 [Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:210:13:210:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Address, Street] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Address, Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:216:13:216:15 | access to local variable ctx [PersonAddresses, [], Person, Name] : String | semmle.label | access to local variable ctx [PersonAddresses, [], Person, Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:219:35:219:35 | p [Name] : String | semmle.label | p [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:222:13:222:15 | [post] access to local variable ctx [Persons, [], Name] : String | semmle.label | [post] access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:222:13:222:23 | [post] access to property Persons [[], Name] : String | semmle.label | [post] access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:222:29:222:29 | access to parameter p [Name] : String | semmle.label | access to parameter p [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx [Persons, [], Name] : String | semmle.label | access to local variable ctx [Persons, [], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:28 | access to property Persons [[], Name] : String | semmle.label | access to property Persons [[], Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:36 | call to method First [Name] : String | semmle.label | call to method First [Name] : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:41 | access to property Name | semmle.label | access to property Name |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:30 | access to property Addresses [[], Street] : String | semmle.label | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:38 | call to method First [Street] : String | semmle.label | call to method First [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:45 | access to property Street | semmle.label | access to property Street |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:28 | access to property Persons [[], Addresses, [], Street] : String | semmle.label | access to property Persons [[], Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:36 | call to method First [Addresses, [], Street] : String | semmle.label | call to method First [Addresses, [], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:46 | access to property Addresses [[], Street] : String | semmle.label | access to property Addresses [[], Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:54 | call to method First [Street] : String | semmle.label | call to method First [Street] : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:61 | access to property Street | semmle.label | access to property Street |
|
||||||
|
#select
|
||||||
|
| EntityFramework.cs:131:18:131:25 | access to property Title | EntityFramework.cs:126:25:126:33 | "tainted" : String | EntityFramework.cs:131:18:131:25 | access to property Title | $@ | EntityFramework.cs:126:25:126:33 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:206:18:206:41 | access to property Name | EntityFramework.cs:63:24:63:32 | "tainted" : String | EntityFramework.cs:206:18:206:41 | access to property Name | $@ | EntityFramework.cs:63:24:63:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:206:18:206:41 | access to property Name | EntityFramework.cs:85:24:85:32 | "tainted" : String | EntityFramework.cs:206:18:206:41 | access to property Name | $@ | EntityFramework.cs:85:24:85:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:206:18:206:41 | access to property Name | EntityFramework.cs:107:24:107:32 | "tainted" : String | EntityFramework.cs:206:18:206:41 | access to property Name | $@ | EntityFramework.cs:107:24:107:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:206:18:206:41 | access to property Name | EntityFramework.cs:177:24:177:32 | "tainted" : String | EntityFramework.cs:206:18:206:41 | access to property Name | $@ | EntityFramework.cs:177:24:177:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:214:18:214:45 | access to property Street | EntityFramework.cs:147:34:147:42 | "tainted" : String | EntityFramework.cs:214:18:214:45 | access to property Street | $@ | EntityFramework.cs:147:34:147:42 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:214:18:214:45 | access to property Street | EntityFramework.cs:161:26:161:34 | "tainted" : String | EntityFramework.cs:214:18:214:45 | access to property Street | $@ | EntityFramework.cs:161:26:161:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:214:18:214:45 | access to property Street | EntityFramework.cs:182:26:182:34 | "tainted" : String | EntityFramework.cs:214:18:214:45 | access to property Street | $@ | EntityFramework.cs:182:26:182:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:221:18:221:61 | access to property Street | EntityFramework.cs:147:34:147:42 | "tainted" : String | EntityFramework.cs:221:18:221:61 | access to property Street | $@ | EntityFramework.cs:147:34:147:42 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:221:18:221:61 | access to property Street | EntityFramework.cs:161:26:161:34 | "tainted" : String | EntityFramework.cs:221:18:221:61 | access to property Street | $@ | EntityFramework.cs:161:26:161:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFramework.cs:221:18:221:61 | access to property Street | EntityFramework.cs:182:26:182:34 | "tainted" : String | EntityFramework.cs:221:18:221:61 | access to property Street | $@ | EntityFramework.cs:182:26:182:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:76:18:76:28 | access to local variable taintSource | EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | EntityFrameworkCore.cs:76:18:76:28 | access to local variable taintSource | $@ | EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:77:18:77:46 | (...) ... | EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | EntityFrameworkCore.cs:77:18:77:46 | (...) ... | $@ | EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:78:18:78:42 | (...) ... | EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | EntityFrameworkCore.cs:78:18:78:42 | (...) ... | $@ | EntityFrameworkCore.cs:75:31:75:39 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:155:18:155:25 | access to property Title | EntityFrameworkCore.cs:150:25:150:33 | "tainted" : String | EntityFrameworkCore.cs:155:18:155:25 | access to property Title | $@ | EntityFrameworkCore.cs:150:25:150:33 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:41 | access to property Name | EntityFrameworkCore.cs:87:24:87:32 | "tainted" : String | EntityFrameworkCore.cs:230:18:230:41 | access to property Name | $@ | EntityFrameworkCore.cs:87:24:87:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:41 | access to property Name | EntityFrameworkCore.cs:109:24:109:32 | "tainted" : String | EntityFrameworkCore.cs:230:18:230:41 | access to property Name | $@ | EntityFrameworkCore.cs:109:24:109:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:41 | access to property Name | EntityFrameworkCore.cs:131:24:131:32 | "tainted" : String | EntityFrameworkCore.cs:230:18:230:41 | access to property Name | $@ | EntityFrameworkCore.cs:131:24:131:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:41 | access to property Name | EntityFrameworkCore.cs:201:24:201:32 | "tainted" : String | EntityFrameworkCore.cs:230:18:230:41 | access to property Name | $@ | EntityFrameworkCore.cs:201:24:201:32 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:45 | access to property Street | EntityFrameworkCore.cs:171:34:171:42 | "tainted" : String | EntityFrameworkCore.cs:238:18:238:45 | access to property Street | $@ | EntityFrameworkCore.cs:171:34:171:42 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:45 | access to property Street | EntityFrameworkCore.cs:185:26:185:34 | "tainted" : String | EntityFrameworkCore.cs:238:18:238:45 | access to property Street | $@ | EntityFrameworkCore.cs:185:26:185:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:45 | access to property Street | EntityFrameworkCore.cs:206:26:206:34 | "tainted" : String | EntityFrameworkCore.cs:238:18:238:45 | access to property Street | $@ | EntityFrameworkCore.cs:206:26:206:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:61 | access to property Street | EntityFrameworkCore.cs:171:34:171:42 | "tainted" : String | EntityFrameworkCore.cs:245:18:245:61 | access to property Street | $@ | EntityFrameworkCore.cs:171:34:171:42 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:61 | access to property Street | EntityFrameworkCore.cs:185:26:185:34 | "tainted" : String | EntityFrameworkCore.cs:245:18:245:61 | access to property Street | $@ | EntityFrameworkCore.cs:185:26:185:34 | "tainted" : String | "tainted" : String |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:61 | access to property Street | EntityFrameworkCore.cs:206:26:206:34 | "tainted" : String | EntityFrameworkCore.cs:245:18:245:61 | access to property Street | $@ | EntityFrameworkCore.cs:206:26:206:34 | "tainted" : String | "tainted" : String |
|
||||||
|
|||||||
@@ -1,5 +1,9 @@
|
|||||||
|
/**
|
||||||
|
* @kind path-problem
|
||||||
|
*/
|
||||||
|
|
||||||
import csharp
|
import csharp
|
||||||
import semmle.code.csharp.dataflow.TaintTracking
|
import DataFlow::PathGraph
|
||||||
|
|
||||||
class MyConfiguration extends TaintTracking::Configuration {
|
class MyConfiguration extends TaintTracking::Configuration {
|
||||||
MyConfiguration() { this = "EntityFramework dataflow" }
|
MyConfiguration() { this = "EntityFramework dataflow" }
|
||||||
@@ -11,6 +15,6 @@ class MyConfiguration extends TaintTracking::Configuration {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
from MyConfiguration config, DataFlow::Node source, DataFlow::Node sink
|
from DataFlow::PathNode source, DataFlow::PathNode sink, MyConfiguration conf
|
||||||
where config.hasFlow(source, sink)
|
where conf.hasFlowPath(source, sink)
|
||||||
select sink, source
|
select sink, source, sink, "$@", source, source.toString()
|
||||||
|
|||||||
@@ -1,64 +1,228 @@
|
|||||||
// semmle-extractor-options: /r:System.Data.dll /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll ${testdir}/../../../resources/stubs/EntityFramework.cs ${testdir}/../../../resources/stubs/System.Data.cs /r:System.ComponentModel.TypeConverter.dll /r:System.Data.Common.dll
|
// semmle-extractor-options: /r:System.Data.dll /r:System.ComponentModel.Primitives.dll /r:System.ComponentModel.TypeConverter.dll ${testdir}/../../../resources/stubs/EntityFramework.cs ${testdir}/../../../resources/stubs/System.Data.cs /r:System.ComponentModel.TypeConverter.dll /r:System.Data.Common.dll /r:System.Linq.dll
|
||||||
|
|
||||||
using System.Data.Entity;
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations.Schema;
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
using System.Data;
|
using System.Data.Entity;
|
||||||
using System.Data.Common;
|
using System.Linq;
|
||||||
|
|
||||||
namespace EFTests
|
namespace EFTests
|
||||||
{
|
{
|
||||||
class Person
|
class Person
|
||||||
{
|
{
|
||||||
public int Id { get; set; }
|
public virtual int Id { get; set; }
|
||||||
public string Name { get; set; }
|
public virtual string Name { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public int Age { get; set; }
|
public string Title { get; set; }
|
||||||
|
|
||||||
|
// Navigation property
|
||||||
|
public ICollection<Address> Addresses { get; set; }
|
||||||
|
}
|
||||||
|
|
||||||
|
class Address
|
||||||
|
{
|
||||||
|
public int Id { get; set; }
|
||||||
|
public string Street { get; set; }
|
||||||
|
}
|
||||||
|
|
||||||
|
class PersonAddressMap
|
||||||
|
{
|
||||||
|
public int Id { get; set; }
|
||||||
|
public int PersonId { get; set; }
|
||||||
|
public int AddressId { get; set; }
|
||||||
|
|
||||||
|
// Navigation properties
|
||||||
|
public Person Person { get; set; }
|
||||||
|
public Address Address { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
class MyContext : DbContext
|
class MyContext : DbContext
|
||||||
{
|
{
|
||||||
DbSet<Person> person { get; set; }
|
public virtual DbSet<Person> Persons { get; set; }
|
||||||
|
public virtual DbSet<Address> Addresses { get; set; }
|
||||||
|
public virtual DbSet<PersonAddressMap> PersonAddresses { get; set; }
|
||||||
|
|
||||||
|
public static MyContext GetInstance() => null;
|
||||||
|
}
|
||||||
|
|
||||||
|
class Tests
|
||||||
|
{
|
||||||
void FlowSources()
|
void FlowSources()
|
||||||
{
|
{
|
||||||
var p = new Person();
|
var p = new Person();
|
||||||
var id = p.Id; // Remote flow source
|
var id = p.Id; // Remote flow source
|
||||||
var name = p.Name; // Remote flow source
|
var name = p.Name; // Remote flow source
|
||||||
var age = p.Age; // Not a remote flow source
|
var title = p.Title; // Not a remote flow source
|
||||||
}
|
}
|
||||||
|
|
||||||
DbCommand command;
|
void TestSaveChangesDirectDataFlow()
|
||||||
|
|
||||||
async void SqlSinks()
|
|
||||||
{
|
{
|
||||||
// System.Data.Common.DbCommand.set_CommandText
|
var p1 = new Person
|
||||||
command.CommandText = ""; // SqlExpr
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
|
||||||
// System.Data.SqlClient.SqlCommand.SqlCommand
|
var ctx = MyContext.GetInstance();
|
||||||
new System.Data.SqlClient.SqlCommand(""); // SqlExpr
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
this.Database.ExecuteSqlCommand(""); // SqlExpr
|
var p3 = new Person
|
||||||
await this.Database.ExecuteSqlCommandAsync(""); // SqlExpr
|
{
|
||||||
|
// No flow (no call to `SaveChanges`)
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
ctx.Persons.Add(p3);
|
||||||
}
|
}
|
||||||
|
|
||||||
void TestDataFlow()
|
async void TestSaveChangesAsyncDirectDataFlow()
|
||||||
{
|
{
|
||||||
string taintSource = "tainted";
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
|
||||||
// Tainted via database, even though technically there were no reads or writes to the database in this particular case.
|
var ctx = MyContext.GetInstance();
|
||||||
var p1 = new Person { Name = taintSource };
|
ctx.Persons.Add(p1);
|
||||||
var p2 = new Person();
|
ctx.Persons.Add(p2);
|
||||||
Sink(p2.Name); // Tainted
|
await ctx.SaveChangesAsync();
|
||||||
Sink(new Person().Name); // Tainted
|
|
||||||
|
|
||||||
p1.Age = int.Parse(taintSource);
|
var p3 = new Person
|
||||||
Sink(p2.Age); // Not tainted due to NotMappedAttribute
|
{
|
||||||
|
// No flow (no call to `SaveChanges`)
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
ctx.Persons.Add(p3);
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestSaveChangesIndirectDataFlow()
|
||||||
|
{
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
|
||||||
|
AddPersonToDB(p1);
|
||||||
|
AddPersonToDB(p2);
|
||||||
|
|
||||||
|
var p3 = new Person
|
||||||
|
{
|
||||||
|
// No flow (not added)
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestNotMappedDataFlow()
|
||||||
|
{
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows only to `Sink` below as `Title` it is not mapped
|
||||||
|
Title = "tainted"
|
||||||
|
};
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
Sink(p1.Title);
|
||||||
|
|
||||||
|
var p2 = new Person { Title = "untainted" };
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
Sink(p2.Title);
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestNavigationPropertyReadFlow()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
Addresses = new[] {
|
||||||
|
new Address {
|
||||||
|
// Flows to `ReadFirstAddressFromDB` and `ReadFirstPersonAddress`
|
||||||
|
Street = "tainted"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var p2 = new Person { Addresses = new[] { new Address { Street = "untainted" } } };
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var a1 = new Address
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstAddressFromDB` and `ReadFirstPersonAddress`
|
||||||
|
Street = "tainted"
|
||||||
|
};
|
||||||
|
ctx.Addresses.Add(a1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var a2 = new Address { Street = "untainted" };
|
||||||
|
ctx.Addresses.Add(a2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestNavigationPropertyStoreFlow()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var a1 = new Address
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstAddressFromDB` and `ReadFirstPersonAddress`
|
||||||
|
Street = "tainted"
|
||||||
|
};
|
||||||
|
var personAddressMap1 = new PersonAddressMap() { Person = p1, Address = a1 };
|
||||||
|
ctx.PersonAddresses.Add(personAddressMap1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
var a2 = new Address { Street = "untainted" };
|
||||||
|
var personAddressMap2 = new PersonAddressMap() { Person = p2, Address = a2 };
|
||||||
|
ctx.PersonAddresses.Add(personAddressMap2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
}
|
||||||
|
|
||||||
|
void AddPersonToDB(Person p)
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
ctx.Persons.Add(p);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
}
|
||||||
|
|
||||||
|
void ReadFirstPersonFromDB()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
Sink(ctx.Persons.First().Id);
|
||||||
|
Sink(ctx.Persons.First().Name);
|
||||||
|
Sink(ctx.Persons.First().Title);
|
||||||
|
}
|
||||||
|
|
||||||
|
void ReadFirstAddressFromDB()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
Sink(ctx.Addresses.First().Id);
|
||||||
|
Sink(ctx.Addresses.First().Street);
|
||||||
|
}
|
||||||
|
|
||||||
|
void ReadFirstPersonAddress()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
Sink(ctx.Persons.First().Addresses.First().Id);
|
||||||
|
Sink(ctx.Persons.First().Addresses.First().Street);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Sink(object @object)
|
void Sink(object @object)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
@@ -1,38 +1,66 @@
|
|||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
using System;
|
using System;
|
||||||
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations.Schema;
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
using System.Data.Common;
|
using System.Linq;
|
||||||
|
|
||||||
namespace EFCoreTests
|
namespace EFCoreTests
|
||||||
{
|
{
|
||||||
class Person
|
class Person
|
||||||
{
|
{
|
||||||
public int Id { get; set; }
|
public virtual int Id { get; set; }
|
||||||
public string Name { get; set; }
|
public virtual string Name { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public int Age { get; set; }
|
public string Title { get; set; }
|
||||||
|
|
||||||
|
// Navigation property
|
||||||
|
public ICollection<Address> Addresses { get; set; }
|
||||||
|
}
|
||||||
|
|
||||||
|
class Address
|
||||||
|
{
|
||||||
|
public int Id { get; set; }
|
||||||
|
public string Street { get; set; }
|
||||||
|
}
|
||||||
|
|
||||||
|
class PersonAddressMap
|
||||||
|
{
|
||||||
|
public int Id { get; set; }
|
||||||
|
public int PersonId { get; set; }
|
||||||
|
public int AddressId { get; set; }
|
||||||
|
|
||||||
|
// Navigation properties
|
||||||
|
public Person Person { get; set; }
|
||||||
|
public Address Address { get; set; }
|
||||||
}
|
}
|
||||||
|
|
||||||
class MyContext : DbContext
|
class MyContext : DbContext
|
||||||
{
|
{
|
||||||
DbSet<Person> person;
|
public virtual DbSet<Person> Persons { get; set; }
|
||||||
|
public virtual DbSet<Address> Addresses { get; set; }
|
||||||
|
public virtual DbSet<PersonAddressMap> PersonAddresses { get; set; }
|
||||||
|
|
||||||
|
public static MyContext GetInstance() => null;
|
||||||
|
}
|
||||||
|
|
||||||
|
class Tests
|
||||||
|
{
|
||||||
void FlowSources()
|
void FlowSources()
|
||||||
{
|
{
|
||||||
var p = new Person();
|
var p = new Person();
|
||||||
var id = p.Id; // Remote flow source
|
var id = p.Id; // Remote flow source
|
||||||
var name = p.Name; // Remote flow source
|
var name = p.Name; // Remote flow source
|
||||||
var age = p.Age; // Not a remote flow source
|
var title = p.Title; // Not a remote flow source
|
||||||
}
|
}
|
||||||
|
|
||||||
Microsoft.EntityFrameworkCore.Storage.IRawSqlCommandBuilder builder;
|
Microsoft.EntityFrameworkCore.Storage.IRawSqlCommandBuilder builder;
|
||||||
|
|
||||||
async void SqlExprs()
|
async void SqlExprs(MyContext ctx)
|
||||||
{
|
{
|
||||||
// Microsoft.EntityFrameworkCore.RelationalDatabaseFacadeExtensions.ExecuteSqlCommand
|
// Microsoft.EntityFrameworkCore.RelationalDatabaseFacadeExtensions.ExecuteSqlCommand
|
||||||
this.Database.ExecuteSqlCommand(""); // SqlExpr
|
ctx.Database.ExecuteSqlCommand(""); // SqlExpr
|
||||||
await this.Database.ExecuteSqlCommandAsync(""); // SqlExpr
|
await ctx.Database.ExecuteSqlCommandAsync(""); // SqlExpr
|
||||||
|
|
||||||
// Microsoft.EntityFrameworkCore.Storage.IRawSqlCommandBuilder.Build
|
// Microsoft.EntityFrameworkCore.Storage.IRawSqlCommandBuilder.Build
|
||||||
builder.Build(""); // SqlExpr
|
builder.Build(""); // SqlExpr
|
||||||
@@ -42,26 +70,179 @@ namespace EFCoreTests
|
|||||||
RawSqlString str = ""; // SqlExpr
|
RawSqlString str = ""; // SqlExpr
|
||||||
}
|
}
|
||||||
|
|
||||||
void TestDataFlow()
|
void TestRawSqlStringDataFlow()
|
||||||
{
|
{
|
||||||
var taintSource = "tainted";
|
var taintSource = "tainted";
|
||||||
var untaintedSource = "untainted";
|
|
||||||
|
|
||||||
Sink(taintSource); // Tainted
|
Sink(taintSource); // Tainted
|
||||||
Sink(new RawSqlString(taintSource)); // Tainted
|
Sink(new RawSqlString(taintSource)); // Tainted
|
||||||
Sink((RawSqlString)taintSource); // Tainted
|
Sink((RawSqlString)taintSource); // Tainted
|
||||||
Sink((RawSqlString)(FormattableString)$"{taintSource}"); // Tainted, but not reported because conversion operator is in a stub .cs file
|
Sink((RawSqlString)(FormattableString)$"{taintSource}"); // Tainted, but not reported because conversion operator is in a stub .cs file
|
||||||
|
}
|
||||||
|
|
||||||
// Tainted via database, even though technically there were no reads or writes to the database in this particular case.
|
void TestSaveChangesDirectDataFlow()
|
||||||
var p1 = new Person { Name = taintSource };
|
{
|
||||||
p1.Name = untaintedSource;
|
var p1 = new Person
|
||||||
var p2 = new Person();
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
|
||||||
Sink(p2.Name); // Tainted
|
var ctx = MyContext.GetInstance();
|
||||||
Sink(new Person().Name); // Tainted
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
p1.Age = int.Parse(taintSource);
|
var p3 = new Person
|
||||||
Sink(p2.Age); // Not tainted due to NotMappedAttribute
|
{
|
||||||
|
// No flow (no call to `SaveChanges`)
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
ctx.Persons.Add(p3);
|
||||||
|
}
|
||||||
|
|
||||||
|
async void TestSaveChangesAsyncDirectDataFlow()
|
||||||
|
{
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
await ctx.SaveChangesAsync();
|
||||||
|
|
||||||
|
var p3 = new Person
|
||||||
|
{
|
||||||
|
// No flow (no call to `SaveChanges`)
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
ctx.Persons.Add(p3);
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestSaveChangesIndirectDataFlow()
|
||||||
|
{
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
|
||||||
|
AddPersonToDB(p1);
|
||||||
|
AddPersonToDB(p2);
|
||||||
|
|
||||||
|
var p3 = new Person
|
||||||
|
{
|
||||||
|
// No flow (not added)
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestNotMappedDataFlow()
|
||||||
|
{
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows only to `Sink` below as `Title` it is not mapped
|
||||||
|
Title = "tainted"
|
||||||
|
};
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
Sink(p1.Title);
|
||||||
|
|
||||||
|
var p2 = new Person { Title = "untainted" };
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
Sink(p2.Title);
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestNavigationPropertyReadFlow()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
Addresses = new[] {
|
||||||
|
new Address {
|
||||||
|
// Flows to `ReadFirstAddressFromDB` and `ReadFirstPersonAddress`
|
||||||
|
Street = "tainted"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
};
|
||||||
|
ctx.Persons.Add(p1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var p2 = new Person { Addresses = new[] { new Address { Street = "untainted" } } };
|
||||||
|
ctx.Persons.Add(p2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var a1 = new Address
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstAddressFromDB` and `ReadFirstPersonAddress`
|
||||||
|
Street = "tainted"
|
||||||
|
};
|
||||||
|
ctx.Addresses.Add(a1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var a2 = new Address { Street = "untainted" };
|
||||||
|
ctx.Addresses.Add(a2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
}
|
||||||
|
|
||||||
|
void TestNavigationPropertyStoreFlow()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
var p1 = new Person
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstPersonFromDB`
|
||||||
|
Name = "tainted"
|
||||||
|
};
|
||||||
|
var a1 = new Address
|
||||||
|
{
|
||||||
|
// Flows to `ReadFirstAddressFromDB` and `ReadFirstPersonAddress`
|
||||||
|
Street = "tainted"
|
||||||
|
};
|
||||||
|
var personAddressMap1 = new PersonAddressMap() { Person = p1, Address = a1 };
|
||||||
|
ctx.PersonAddresses.Add(personAddressMap1);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
|
||||||
|
var p2 = new Person { Name = "untainted" };
|
||||||
|
var a2 = new Address { Street = "untainted" };
|
||||||
|
var personAddressMap2 = new PersonAddressMap() { Person = p2, Address = a2 };
|
||||||
|
ctx.PersonAddresses.Add(personAddressMap2);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
}
|
||||||
|
|
||||||
|
void AddPersonToDB(Person p)
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
ctx.Persons.Add(p);
|
||||||
|
ctx.SaveChanges();
|
||||||
|
}
|
||||||
|
|
||||||
|
void ReadFirstPersonFromDB()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
Sink(ctx.Persons.First().Id);
|
||||||
|
Sink(ctx.Persons.First().Name);
|
||||||
|
Sink(ctx.Persons.First().Title);
|
||||||
|
}
|
||||||
|
|
||||||
|
void ReadFirstAddressFromDB()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
Sink(ctx.Addresses.First().Id);
|
||||||
|
Sink(ctx.Addresses.First().Street);
|
||||||
|
}
|
||||||
|
|
||||||
|
void ReadFirstPersonAddress()
|
||||||
|
{
|
||||||
|
var ctx = MyContext.GetInstance();
|
||||||
|
Sink(ctx.Persons.First().Addresses.First().Id);
|
||||||
|
Sink(ctx.Persons.First().Addresses.First().Street);
|
||||||
}
|
}
|
||||||
|
|
||||||
void Sink(object @object)
|
void Sink(object @object)
|
||||||
|
|||||||
@@ -0,0 +1,158 @@
|
|||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], AddressId] -> jump to get_PersonAddresses (return) [[], AddressId] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Id] -> jump to get_PersonAddresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [PersonAddresses, [], PersonId] -> jump to get_PersonAddresses (return) [[], PersonId] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChanges() | this parameter [Persons, [], Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], AddressId] -> jump to get_PersonAddresses (return) [[], AddressId] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Id] -> jump to get_PersonAddresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], PersonId] -> jump to get_PersonAddresses (return) [[], PersonId] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbContext.SaveChangesAsync() | this parameter [Persons, [], Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.Add(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.AddAsync(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.AddRange(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.AddRangeAsync(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.Attach(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.AttachRange(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.Update(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.DbSet<>.UpdateRange(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| Microsoft.EntityFrameworkCore.RawSqlString.RawSqlString(string) | parameter 0 -> return | false |
|
||||||
|
| Microsoft.EntityFrameworkCore.RawSqlString.implicit conversion(string) | parameter 0 -> return | false |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], AddressId] -> jump to get_PersonAddresses (return) [[], AddressId] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Id] -> jump to get_PersonAddresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [PersonAddresses, [], PersonId] -> jump to get_PersonAddresses (return) [[], PersonId] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChanges() | this parameter [Persons, [], Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Address, Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], AddressId] -> jump to get_PersonAddresses (return) [[], AddressId] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Id] -> jump to get_PersonAddresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], Person, Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [PersonAddresses, [], PersonId] -> jump to get_PersonAddresses (return) [[], PersonId] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Addresses (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Address, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Id] -> jump to get_Persons (return) [[], Addresses, [], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Addresses (return) [[], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Address, Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_PersonAddresses (return) [[], Person, Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Addresses, [], Street] -> jump to get_Persons (return) [[], Addresses, [], Street] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Id] -> jump to get_PersonAddresses (return) [[], Person, Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Id] -> jump to get_Persons (return) [[], Id] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Name] -> jump to get_PersonAddresses (return) [[], Person, Name] | true |
|
||||||
|
| System.Data.Entity.DbContext.SaveChangesAsync() | this parameter [Persons, [], Name] -> jump to get_Persons (return) [[], Name] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.Add(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.AddAsync(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.AddRange(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.AddRangeAsync(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.Attach(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.AttachRange(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.Update(T) | parameter 0 -> this parameter [[]] | true |
|
||||||
|
| System.Data.Entity.DbSet<>.UpdateRange(IEnumerable<T>) | parameter 0 [[]] -> this parameter [[]] | true |
|
||||||
@@ -0,0 +1,6 @@
|
|||||||
|
import semmle.code.csharp.dataflow.FlowSummary::TestOutput
|
||||||
|
import semmle.code.csharp.frameworks.EntityFramework::EntityFramework
|
||||||
|
|
||||||
|
private class IncludeEFSummarizedCallable extends RelevantSummarizedCallable {
|
||||||
|
IncludeEFSummarizedCallable() { this instanceof EFSummarizedCallable }
|
||||||
|
}
|
||||||
@@ -1,4 +1,20 @@
|
|||||||
| EntityFramework.cs:12:20:12:21 | Id |
|
| EntityFramework.cs:12:28:12:29 | Id |
|
||||||
| EntityFramework.cs:13:23:13:26 | Name |
|
| EntityFramework.cs:13:31:13:34 | Name |
|
||||||
| EntityFrameworkCore.cs:10:18:10:19 | Id |
|
| EntityFramework.cs:19:37:19:45 | Addresses |
|
||||||
| EntityFrameworkCore.cs:11:21:11:24 | Name |
|
| EntityFramework.cs:24:20:24:21 | Id |
|
||||||
|
| EntityFramework.cs:25:23:25:28 | Street |
|
||||||
|
| EntityFramework.cs:30:20:30:21 | Id |
|
||||||
|
| EntityFramework.cs:31:20:31:27 | PersonId |
|
||||||
|
| EntityFramework.cs:32:20:32:28 | AddressId |
|
||||||
|
| EntityFramework.cs:35:23:35:28 | Person |
|
||||||
|
| EntityFramework.cs:36:24:36:30 | Address |
|
||||||
|
| EntityFrameworkCore.cs:11:28:11:29 | Id |
|
||||||
|
| EntityFrameworkCore.cs:12:31:12:34 | Name |
|
||||||
|
| EntityFrameworkCore.cs:18:37:18:45 | Addresses |
|
||||||
|
| EntityFrameworkCore.cs:23:20:23:21 | Id |
|
||||||
|
| EntityFrameworkCore.cs:24:23:24:28 | Street |
|
||||||
|
| EntityFrameworkCore.cs:29:20:29:21 | Id |
|
||||||
|
| EntityFrameworkCore.cs:30:20:30:27 | PersonId |
|
||||||
|
| EntityFrameworkCore.cs:31:20:31:28 | AddressId |
|
||||||
|
| EntityFrameworkCore.cs:34:23:34:28 | Person |
|
||||||
|
| EntityFrameworkCore.cs:35:24:35:30 | Address |
|
||||||
|
|||||||
@@ -1,11 +1,7 @@
|
|||||||
| EntityFramework.cs:36:13:36:36 | ... = ... |
|
| EntityFrameworkCore.cs:62:13:62:46 | call to method ExecuteSqlCommand |
|
||||||
| EntityFramework.cs:39:13:39:52 | object creation of type SqlCommand |
|
| EntityFrameworkCore.cs:63:19:63:57 | call to method ExecuteSqlCommandAsync |
|
||||||
| EntityFramework.cs:41:13:41:47 | call to method ExecuteSqlCommand |
|
| EntityFrameworkCore.cs:66:13:66:29 | call to method Build |
|
||||||
| EntityFramework.cs:42:19:42:58 | call to method ExecuteSqlCommandAsync |
|
| EntityFrameworkCore.cs:69:13:69:32 | object creation of type RawSqlString |
|
||||||
| EntityFrameworkCore.cs:34:13:34:47 | call to method ExecuteSqlCommand |
|
| EntityFrameworkCore.cs:70:32:70:33 | call to operator implicit conversion |
|
||||||
| EntityFrameworkCore.cs:35:19:35:58 | call to method ExecuteSqlCommandAsync |
|
| EntityFrameworkCore.cs:77:18:77:46 | object creation of type RawSqlString |
|
||||||
| EntityFrameworkCore.cs:38:13:38:29 | call to method Build |
|
| EntityFrameworkCore.cs:78:18:78:42 | call to operator implicit conversion |
|
||||||
| EntityFrameworkCore.cs:41:13:41:32 | object creation of type RawSqlString |
|
|
||||||
| EntityFrameworkCore.cs:42:32:42:33 | call to operator implicit conversion |
|
|
||||||
| EntityFrameworkCore.cs:51:18:51:46 | object creation of type RawSqlString |
|
|
||||||
| EntityFrameworkCore.cs:52:18:52:42 | call to operator implicit conversion |
|
|
||||||
|
|||||||
@@ -1,8 +1,20 @@
|
|||||||
| EntityFramework.cs:26:22:26:25 | access to property Id |
|
| EntityFramework.cs:53:22:53:25 | access to property Id |
|
||||||
| EntityFramework.cs:27:24:27:29 | access to property Name |
|
| EntityFramework.cs:54:24:54:29 | access to property Name |
|
||||||
| EntityFramework.cs:52:18:52:24 | access to property Name |
|
| EntityFramework.cs:205:18:205:39 | access to property Id |
|
||||||
| EntityFramework.cs:53:18:53:34 | access to property Name |
|
| EntityFramework.cs:206:18:206:41 | access to property Name |
|
||||||
| EntityFrameworkCore.cs:24:22:24:25 | access to property Id |
|
| EntityFramework.cs:213:18:213:41 | access to property Id |
|
||||||
| EntityFrameworkCore.cs:25:24:25:29 | access to property Name |
|
| EntityFramework.cs:214:18:214:45 | access to property Street |
|
||||||
| EntityFrameworkCore.cs:60:18:60:24 | access to property Name |
|
| EntityFramework.cs:220:18:220:46 | access to property Addresses |
|
||||||
| EntityFrameworkCore.cs:61:18:61:34 | access to property Name |
|
| EntityFramework.cs:220:18:220:57 | access to property Id |
|
||||||
|
| EntityFramework.cs:221:18:221:46 | access to property Addresses |
|
||||||
|
| EntityFramework.cs:221:18:221:61 | access to property Street |
|
||||||
|
| EntityFrameworkCore.cs:52:22:52:25 | access to property Id |
|
||||||
|
| EntityFrameworkCore.cs:53:24:53:29 | access to property Name |
|
||||||
|
| EntityFrameworkCore.cs:229:18:229:39 | access to property Id |
|
||||||
|
| EntityFrameworkCore.cs:230:18:230:41 | access to property Name |
|
||||||
|
| EntityFrameworkCore.cs:237:18:237:41 | access to property Id |
|
||||||
|
| EntityFrameworkCore.cs:238:18:238:45 | access to property Street |
|
||||||
|
| EntityFrameworkCore.cs:244:18:244:46 | access to property Addresses |
|
||||||
|
| EntityFrameworkCore.cs:244:18:244:57 | access to property Id |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:46 | access to property Addresses |
|
||||||
|
| EntityFrameworkCore.cs:245:18:245:61 | access to property Street |
|
||||||
|
|||||||
@@ -10,8 +10,18 @@ namespace System.Data.Entity
|
|||||||
{
|
{
|
||||||
}
|
}
|
||||||
|
|
||||||
public class DbSet<T>
|
public class DbSet<T> : IEnumerable<T>
|
||||||
{
|
{
|
||||||
|
public void Add(T t) { }
|
||||||
|
public System.Threading.Tasks.Task<int> AddAsync(T t) => null;
|
||||||
|
public void AddRange(IEnumerable<T> t) { }
|
||||||
|
public System.Threading.Tasks.Task<int> AddRangeAsync(IEnumerable<T> t) => null;
|
||||||
|
public void Attach(T t) { }
|
||||||
|
public void AttachRange(IEnumerable<T> t) { }
|
||||||
|
public void Update(T t) { }
|
||||||
|
public void UpdateRange(IEnumerable<T> t) { }
|
||||||
|
IEnumerator<T> IEnumerable<T>.GetEnumerator() => null;
|
||||||
|
IEnumerator IEnumerable.GetEnumerator() => null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public class Database
|
public class Database
|
||||||
@@ -27,6 +37,8 @@ namespace System.Data.Entity
|
|||||||
public void Dispose() { }
|
public void Dispose() { }
|
||||||
public Database Database => null;
|
public Database Database => null;
|
||||||
public Infrastructure.DbRawSqlQuery<TElement> SqlQuery<TElement>(string sql, params object[] parameters) => null;
|
public Infrastructure.DbRawSqlQuery<TElement> SqlQuery<TElement>(string sql, params object[] parameters) => null;
|
||||||
|
public int SaveChanges() => 0;
|
||||||
|
public System.Threading.Tasks.Task<int> SaveChangesAsync() => null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -47,15 +59,26 @@ namespace System.Data.Entity.Infrastructure
|
|||||||
|
|
||||||
namespace Microsoft.EntityFrameworkCore
|
namespace Microsoft.EntityFrameworkCore
|
||||||
{
|
{
|
||||||
public class DbSet<T>
|
public class DbSet<T> : IEnumerable<T>
|
||||||
{
|
{
|
||||||
|
public void Add(T t) { }
|
||||||
|
public System.Threading.Tasks.Task<int> AddAsync(T t) => null;
|
||||||
|
public void AddRange(IEnumerable<T> t) { }
|
||||||
|
public System.Threading.Tasks.Task<int> AddRangeAsync(IEnumerable<T> t) => null;
|
||||||
|
public void Attach(T t) { }
|
||||||
|
public void AttachRange(IEnumerable<T> t) { }
|
||||||
|
public void Update(T t) { }
|
||||||
|
public void UpdateRange(IEnumerable<T> t) { }
|
||||||
|
IEnumerator<T> IEnumerable<T>.GetEnumerator() => null;
|
||||||
|
IEnumerator IEnumerable.GetEnumerator() => null;
|
||||||
}
|
}
|
||||||
|
|
||||||
public class DbContext : IDisposable
|
public class DbContext : IDisposable
|
||||||
{
|
{
|
||||||
public void Dispose() { }
|
public void Dispose() { }
|
||||||
public virtual Infrastructure.DatabaseFacade Database => null;
|
public virtual Infrastructure.DatabaseFacade Database => null;
|
||||||
// public Infrastructure.DbRawSqlQuery<TElement> SqlQuery<TElement>(string sql, params object[] parameters) => null;
|
public int SaveChanges() => 0;
|
||||||
|
public System.Threading.Tasks.Task<int> SaveChangesAsync() => null;
|
||||||
}
|
}
|
||||||
|
|
||||||
namespace Infrastructure
|
namespace Infrastructure
|
||||||
@@ -67,15 +90,15 @@ namespace Microsoft.EntityFrameworkCore
|
|||||||
|
|
||||||
public static class RelationalDatabaseFacaseExtensions
|
public static class RelationalDatabaseFacaseExtensions
|
||||||
{
|
{
|
||||||
public static void ExecuteSqlCommand(this Infrastructure.DatabaseFacade db, string sql, params object[] parameters) {}
|
public static void ExecuteSqlCommand(this Infrastructure.DatabaseFacade db, string sql, params object[] parameters) { }
|
||||||
public static Task ExecuteSqlCommandAsync(this Infrastructure.DatabaseFacade db, string sql, params object[] parameters) => throw null;
|
public static Task ExecuteSqlCommandAsync(this Infrastructure.DatabaseFacade db, string sql, params object[] parameters) => throw null;
|
||||||
}
|
}
|
||||||
|
|
||||||
struct RawSqlString
|
struct RawSqlString
|
||||||
{
|
{
|
||||||
public RawSqlString(string str) { }
|
public RawSqlString(string str) { }
|
||||||
public static implicit operator Microsoft.EntityFrameworkCore.RawSqlString (FormattableString fs) => throw null;
|
public static implicit operator Microsoft.EntityFrameworkCore.RawSqlString(FormattableString fs) => throw null;
|
||||||
public static implicit operator Microsoft.EntityFrameworkCore.RawSqlString (string s) => throw null;
|
public static implicit operator Microsoft.EntityFrameworkCore.RawSqlString(string s) => throw null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user