hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Convert data-flow test queries to path-problems

Browse Source
This commit is contained in:
Tom Hvitved
2021-02-26 15:28:47 +01:00
committed by Tamas Vajk
parent 0698bdd907
commit 80a7b52f38
5 changed files with 102 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
csharp/ql/test/library-tests/csharp7/GlobalFlow.expected
View File

@@ -1,6 +1,40 @@
| CSharp7.cs:41:13:41:21 | "tainted" | CSharp7.cs:53:18:53:19 | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" | CSharp7.cs:58:18:58:19 | access to local variable t4 |
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:18:92:28 | call to method I |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:183:21:183:26 | call to local function g |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:184:21:184:26 | call to local function h |
edges
| CSharp7.cs:41:9:41:21 | SSA def(x) : String | CSharp7.cs:51:22:51:23 | SSA def(t1) : String |
| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:9:41:21 | SSA def(x) : String |
| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | CSharp7.cs:53:18:53:19 | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:30:57:31 | SSA def(t4) : String |
| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | CSharp7.cs:58:18:58:19 | access to local variable t4 |
| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String |
| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String |
| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | CSharp7.cs:92:20:92:27 | access to field Item1 : String |
| CSharp7.cs:92:20:92:27 | access to field Item1 : String | CSharp7.cs:92:18:92:28 | call to method I |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:23:183:25 | access to local variable src : String |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:23:184:25 | access to local variable src : String |
| CSharp7.cs:183:23:183:25 | access to local variable src : String | CSharp7.cs:183:21:183:26 | call to local function g |
| CSharp7.cs:184:23:184:25 | access to local variable src : String | CSharp7.cs:184:21:184:26 | call to local function h |
nodes
| CSharp7.cs:41:9:41:21 | SSA def(x) : String | semmle.label | SSA def(x) : String |
| CSharp7.cs:41:13:41:21 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | semmle.label | SSA def(t1) : String |
| CSharp7.cs:53:18:53:19 | access to local variable t1 | semmle.label | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | semmle.label | SSA def(t4) : String |
| CSharp7.cs:58:18:58:19 | access to local variable t4 | semmle.label | access to local variable t4 |
| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
| CSharp7.cs:89:19:89:27 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:92:18:92:28 | call to method I | semmle.label | call to method I |
| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | semmle.label | access to local variable t1 [Item1] : String |
| CSharp7.cs:92:20:92:27 | access to field Item1 : String | semmle.label | access to field Item1 : String |
| CSharp7.cs:177:22:177:30 | "tainted" | semmle.label | "tainted" |
| CSharp7.cs:177:22:177:30 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:183:21:183:26 | call to local function g | semmle.label | call to local function g |
| CSharp7.cs:183:23:183:25 | access to local variable src : String | semmle.label | access to local variable src : String |
| CSharp7.cs:184:21:184:26 | call to local function h | semmle.label | call to local function h |
| CSharp7.cs:184:23:184:25 | access to local variable src : String | semmle.label | access to local variable src : String |
#select
| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:53:18:53:19 | access to local variable t1 | $@ | CSharp7.cs:53:18:53:19 | access to local variable t1 | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:58:18:58:19 | access to local variable t4 | $@ | CSharp7.cs:58:18:58:19 | access to local variable t4 | access to local variable t4 |
| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:92:18:92:28 | call to method I | $@ | CSharp7.cs:92:18:92:28 | call to method I | call to method I |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | $@ | CSharp7.cs:177:22:177:30 | "tainted" | "tainted" |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:21:183:26 | call to local function g | $@ | CSharp7.cs:183:21:183:26 | call to local function g | call to local function g |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:21:184:26 | call to local function h | $@ | CSharp7.cs:184:21:184:26 | call to local function h | call to local function h |

11
csharp/ql/test/library-tests/csharp7/GlobalFlow.ql
View File

@@ -1,4 +1,9 @@
/**
* @kind path-problem
*/
import csharp
import DataFlow::PathGraph
class DataflowConfiguration extends DataFlow::Configuration {
DataflowConfiguration() { this = "data flow configuration" }
@@ -12,6 +17,6 @@ class DataflowConfiguration extends DataFlow::Configuration {
}
}
from DataflowConfiguration config, DataFlow::Node source, DataFlow::Node sink
where config.hasFlow(source, sink)
select source, sink
from DataFlow::PathNode source, DataFlow::PathNode sink, DataflowConfiguration conf
where conf.hasFlowPath(source, sink)
select source, source, sink, "$@", sink, sink.toString()

52
csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.expected
View File

@@ -1,7 +1,45 @@
| CSharp7.cs:41:13:41:21 | "tainted" | CSharp7.cs:53:18:53:19 | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" | CSharp7.cs:58:18:58:19 | access to local variable t4 |
| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:18:92:28 | call to method I |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:182:21:182:26 | call to local function f |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:183:21:183:26 | call to local function g |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:184:21:184:26 | call to local function h |
edges
| CSharp7.cs:41:9:41:21 | SSA def(x) : String | CSharp7.cs:51:22:51:23 | SSA def(t1) : String |
| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:9:41:21 | SSA def(x) : String |
| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | CSharp7.cs:53:18:53:19 | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:30:57:31 | SSA def(t4) : String |
| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | CSharp7.cs:58:18:58:19 | access to local variable t4 |
| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String |
| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String |
| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | CSharp7.cs:92:20:92:27 | access to field Item1 : String |
| CSharp7.cs:92:20:92:27 | access to field Item1 : String | CSharp7.cs:92:18:92:28 | call to method I |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:182:23:182:25 | access to local variable src : String |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:23:183:25 | access to local variable src : String |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:23:184:25 | access to local variable src : String |
| CSharp7.cs:182:23:182:25 | access to local variable src : String | CSharp7.cs:182:21:182:26 | call to local function f |
| CSharp7.cs:183:23:183:25 | access to local variable src : String | CSharp7.cs:183:21:183:26 | call to local function g |
| CSharp7.cs:184:23:184:25 | access to local variable src : String | CSharp7.cs:184:21:184:26 | call to local function h |
nodes
| CSharp7.cs:41:9:41:21 | SSA def(x) : String | semmle.label | SSA def(x) : String |
| CSharp7.cs:41:13:41:21 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | semmle.label | SSA def(t1) : String |
| CSharp7.cs:53:18:53:19 | access to local variable t1 | semmle.label | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | semmle.label | SSA def(t4) : String |
| CSharp7.cs:58:18:58:19 | access to local variable t4 | semmle.label | access to local variable t4 |
| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
| CSharp7.cs:89:19:89:27 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:92:18:92:28 | call to method I | semmle.label | call to method I |
| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | semmle.label | access to local variable t1 [Item1] : String |
| CSharp7.cs:92:20:92:27 | access to field Item1 : String | semmle.label | access to field Item1 : String |
| CSharp7.cs:177:22:177:30 | "tainted" | semmle.label | "tainted" |
| CSharp7.cs:177:22:177:30 | "tainted" : String | semmle.label | "tainted" : String |
| CSharp7.cs:182:21:182:26 | call to local function f | semmle.label | call to local function f |
| CSharp7.cs:182:23:182:25 | access to local variable src : String | semmle.label | access to local variable src : String |
| CSharp7.cs:183:21:183:26 | call to local function g | semmle.label | call to local function g |
| CSharp7.cs:183:23:183:25 | access to local variable src : String | semmle.label | access to local variable src : String |
| CSharp7.cs:184:21:184:26 | call to local function h | semmle.label | call to local function h |
| CSharp7.cs:184:23:184:25 | access to local variable src : String | semmle.label | access to local variable src : String |
#select
| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:53:18:53:19 | access to local variable t1 | $@ | CSharp7.cs:53:18:53:19 | access to local variable t1 | access to local variable t1 |
| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:58:18:58:19 | access to local variable t4 | $@ | CSharp7.cs:58:18:58:19 | access to local variable t4 | access to local variable t4 |
| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:92:18:92:28 | call to method I | $@ | CSharp7.cs:92:18:92:28 | call to method I | call to method I |
| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | $@ | CSharp7.cs:177:22:177:30 | "tainted" | "tainted" |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:182:21:182:26 | call to local function f | $@ | CSharp7.cs:182:21:182:26 | call to local function f | call to local function f |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:21:183:26 | call to local function g | $@ | CSharp7.cs:183:21:183:26 | call to local function g | call to local function g |
| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:21:184:26 | call to local function h | $@ | CSharp7.cs:184:21:184:26 | call to local function h | call to local function h |

11
csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.ql
View File

@@ -1,4 +1,9 @@
/**
* @kind path-problem
*/
import csharp
import DataFlow::PathGraph
class DataflowConfiguration extends TaintTracking::Configuration {
DataflowConfiguration() { this = "taint tracking configuration" }
@@ -12,6 +17,6 @@ class DataflowConfiguration extends TaintTracking::Configuration {
}
}
from DataflowConfiguration config, DataFlow::Node source, DataFlow::Node sink
where config.hasFlow(source, sink)
select source, sink
from DataFlow::PathNode source, DataFlow::PathNode sink, DataflowConfiguration conf
where conf.hasFlowPath(source, sink)
select source, source, sink, "$@", sink, sink.toString()

2
csharp/ql/test/library-tests/dataflow/tuples/Tuples.ql
View File

@@ -6,7 +6,7 @@ import csharp
import DataFlow::PathGraph
class Conf extends DataFlow::Configuration {
Conf() { this = "TypesConf" }
Conf() { this = "TuplesConf" }
override predicate isSource(DataFlow::Node src) {
src.asExpr().(StringLiteral).getValue() = "taint source"