hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Address review comment

Browse Source 
- Flow from expressions with a value is excluded.
This commit is contained in:
Calum Grant
2020-02-10 16:02:29 +00:00
parent 7caae01ad1
commit 803cb3f4d1
3 changed files with 8 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
View File

@@ -35,7 +35,9 @@ Expr uncheckedWrite(Callable callable, Field f) {
result.getEnclosingCallable() = callable and
not callable.calls*(checkedWrite(f, _, _).getEnclosingCallable()) and
// Exclude object creations because they were not deserialized
not exists(ObjectCreation src | DataFlow::localExprFlow(src, result))
not exists(Expr src | DataFlow::localExprFlow(src, result) |
src instanceof ObjectCreation or src.hasValue()
)
}
from BinarySerializableType t, Field f, IfStmt check, Expr write, Expr unsafeWrite

8
csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksBypass.cs
View File

@@ -17,7 +17,7 @@ public class Test1
[OnDeserializing]
public void Deserialize()
{
f = "invalid"; // BAD
f = $"invalid"; // BAD
}
}
@@ -37,7 +37,7 @@ public class Test2
[OnDeserializing]
public void Deserialize()
{
var v = "invalid";
var v = $"invalid";
f = v; // BAD: False negative
if (v == "valid")
@@ -63,7 +63,7 @@ public class Test3
[OnDeserializing]
public void Deserialize()
{
var v = "invalid";
var v = $"invalid";
f = v; // GOOD: False negative
Assign(v);
}
@@ -95,7 +95,7 @@ public class Test4
[OnDeserializing]
public void Deserialize()
{
var v = "invalid";
var v = $"invalid";
if (v == "valid")
Assign(v);
}

2
csharp/ql/test/query-tests/Security Features/CWE-020/RuntimeChecksbypass.expected
View File

@@ -1,4 +1,4 @@
| RuntimeChecksBypass.cs:20:13:20:21 | "invalid" | This write to $@ may be circumventing a $@. | RuntimeChecksBypass.cs:7:19:7:19 | f | f | RuntimeChecksBypass.cs:11:9:14:9 | if (...) ... | check |
| RuntimeChecksBypass.cs:20:13:20:22 | $"..." | This write to $@ may be circumventing a $@. | RuntimeChecksBypass.cs:7:19:7:19 | f | f | RuntimeChecksBypass.cs:11:9:14:9 | if (...) ... | check |
| RuntimeChecksBypass.cs:124:15:124:34 | call to method GetInt32 | This write to $@ may be circumventing a $@. | RuntimeChecksBypass.cs:112:16:112:18 | Age | Age | RuntimeChecksBypass.cs:116:9:117:53 | if (...) ... | check |
| RuntimeChecksBypass.cs:168:15:168:17 | access to local variable age | This write to $@ may be circumventing a $@. | RuntimeChecksBypass.cs:153:16:153:18 | Age | Age | RuntimeChecksBypass.cs:157:9:158:53 | if (...) ... | check |
| RuntimeChecksBypassBad.cs:19:15:19:34 | call to method GetInt32 | This write to $@ may be circumventing a $@. | RuntimeChecksBypassBad.cs:7:16:7:18 | Age | Age | RuntimeChecksBypassBad.cs:11:9:12:53 | if (...) ... | check |