Merge pull request #15798 from egregius313/egregius313/csharp/mad/fix-textreader-models

C#: Change `System.IO.TextReader` models to transfer taint to out parameter
Edward Minnix III
2024-03-07 10:40:28 -05:00
committed by GitHub
4 changed files with 49 additions and 43 deletions


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.


@@ -89,14 +89,16 @@ extensions:
- ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Text.Encoding,System.Boolean,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.IO", "StringReader", False, "StringReader", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.IO", "TextReader", True, "Read", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "Read", "(System.Span<System.Char>)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Span<System.Char>)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
- ["System.IO", "TextReader", True, "Read", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
- ["System.IO", "TextReader", True, "ReadAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlock", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadLine", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadLineAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["System.IO", "TextReader", True, "ReadToEnd", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
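Review bot: The two `System.Memory<System.Char>` rows for `ReadAsync` and `ReadBlockAsync` are, by their own comment, not effective yet, and the old `Argument[this]` to `ReturnValue` rows for those overloads appear to be the ones this hunk replaces, so text read through a `Memory<char>` buffer now seems to have no working taint path. For taint-tracking queries that is a possible false negative on untrusted reader input, and the comment should say so rather than "provided for completeness", e.g. `# Known gap: taint does not reach the Memory<char> buffer until post-update nodes are supported, so reads via this overload are not tracked.` The change note could carry the same caveat. None of the sections visible on this page looks like a flow test, so a case that reads into a `char[]` and passes the buffer to a sink would pin the new `Argument[0].Element` behaviour.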


@@ -882,10 +882,10 @@ summary
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual |
| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;();;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadLine;();;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadToEndAsync;();;Argument[this];ReturnValue;taint;manual |
@@ -9210,14 +9210,14 @@ summary
| System.IO;Stream;true;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual |
| System.IO;Stream;true;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
| System.IO;StreamReader;false;Read;();;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StreamReader;false;ReadLine;();;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
| System.IO;StreamReader;false;ReadToEnd;();;Argument[this];ReturnValue;taint;manual |
@@ -9286,13 +9286,13 @@ summary
| System.IO;StreamWriter;false;get_BaseStream;();;Argument[this];ReturnValue;taint;df-generated |
| System.IO;StreamWriter;false;get_Encoding;();;Argument[this];ReturnValue;taint;df-generated |
| System.IO;StringReader;false;Read;();;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;StringReader;false;ReadLine;();;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
| System.IO;StringReader;false;ReadLineAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
@@ -9335,14 +9335,14 @@ summary
| System.IO;StringWriter;false;WriteLineAsync;(System.Text.StringBuilder,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
| System.IO;TextReader;false;Synchronized;(System.IO.TextReader);;Argument[0];ReturnValue;taint;df-generated |
| System.IO;TextReader;true;Read;();;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadLine;();;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadToEnd;();;Argument[this];ReturnValue;taint;manual |


@@ -7775,14 +7775,14 @@ summary
| System.IO;StringWriter;false;WriteLineAsync;(System.Text.StringBuilder,System.Threading.CancellationToken);;Argument[0];Argument[this];taint;df-generated |
| System.IO;TextReader;false;Synchronized;(System.IO.TextReader);;Argument[0];ReturnValue;taint;df-generated |
| System.IO;TextReader;true;Read;();;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
| System.IO;TextReader;true;ReadLine;();;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
| System.IO;TextReader;true;ReadToEnd;();;Argument[this];ReturnValue;taint;manual |