C#: Convert System.Text.StringBuilder flow to CSV format.
@@ -537,69 +537,6 @@ class SystemIOStringReaderFlow extends LibraryTypeDataFlow, SystemIOStringReader
|
||||
|
||||
/** Data flow for `System.Text.StringBuilder`. */
|
||||
class SystemTextStringBuilderFlow extends LibraryTypeDataFlow, SystemTextStringBuilderClass {
|
||||
override predicate callableFlow(
|
||||
CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp,
|
||||
SourceDeclarationCallable c, boolean preservesValue
|
||||
) {
|
||||
(
|
||||
this.constructorFlow(source, sourceAp, sink, sinkAp, c) and
|
||||
preservesValue = true
|
||||
or
|
||||
this.methodFlow(source, sourceAp, sink, sinkAp, c, preservesValue)
|
||||
)
|
||||
}
|
||||
|
||||
private predicate constructorFlow(
|
||||
CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp,
|
||||
Constructor c
|
||||
) {
|
||||
c = this.getAMember() and
|
||||
c.getParameter(0).getType() instanceof StringType and
|
||||
source = TCallableFlowSourceArg(0) and
|
||||
sourceAp = AccessPath::empty() and
|
||||
sink = TCallableFlowSinkReturn() and
|
||||
sinkAp = AccessPath::element()
|
||||
}
|
||||
|
||||
private predicate methodFlow(
|
||||
CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp,
|
||||
SourceDeclarationMethod m, boolean preservesValue
|
||||
) {
|
||||
exists(string name | m = this.getAMethod() and m.hasUndecoratedName(name) |
|
||||
name = "ToString" and
|
||||
source = TCallableFlowSourceQualifier() and
|
||||
sourceAp = AccessPath::element() and
|
||||
sink = TCallableFlowSinkReturn() and
|
||||
sinkAp = AccessPath::empty() and
|
||||
preservesValue = false
|
||||
or
|
||||
name.regexpMatch("Append(Format|Line|Join)?") and
|
||||
preservesValue = true and
|
||||
(
|
||||
exists(int i, Type t |
|
||||
t = m.getParameter(i).getType() and
|
||||
source = TCallableFlowSourceArg(i) and
|
||||
sink = TCallableFlowSinkQualifier() and
|
||||
sinkAp = AccessPath::element()
|
||||
|
|
||||
(
|
||||
t instanceof StringType or
|
||||
t instanceof ObjectType
|
||||
) and
|
||||
sourceAp = AccessPath::empty()
|
||||
or
|
||||
isCollectionType(t) and
|
||||
sourceAp = AccessPath::element()
|
||||
)
|
||||
or
|
||||
source = TCallableFlowSourceQualifier() and
|
||||
sourceAp = AccessPath::empty() and
|
||||
sink = TCallableFlowSinkReturn() and
|
||||
sinkAp = AccessPath::empty()
|
||||
)
|
||||
)
|
||||
}
|
||||
|
||||
override predicate clearsContent(
|
||||
CallableFlowSource source, Content content, SourceDeclarationCallable callable
|
||||
) {
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
|
||||
import csharp
|
||||
private import semmle.code.csharp.frameworks.System
|
||||
private import semmle.code.csharp.dataflow.ExternalFlow
|
||||
|
||||
/** The `System.Text` namespace. */
|
||||
class SystemTextNamespace extends Namespace {
|
||||
@@ -24,6 +25,97 @@ class SystemTextStringBuilderClass extends SystemTextClass {
|
||||
Method getAppendFormatMethod() { result = this.getAMethod("AppendFormat") }
|
||||
}
|
||||
|
||||
/** Data flow for `System.Text.StringBuilder`. */
|
||||
private class SystemTextStringBuilderFlowModelCsv extends SummaryModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
"System.Text;StringBuilder;false;Append;(System.Boolean);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Byte);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char*,System.Int32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char,System.Int32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char[]);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Char[],System.Int32,System.Int32);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Decimal);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Double);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Int16);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Int32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Int64);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Object);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.ReadOnlyMemory<System.Char>);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.ReadOnlySpan<System.Char>);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.SByte);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Single);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.String);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;Append;(System.String);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;Append;(System.String,System.Int32,System.Int32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.Text.StringBuilder,System.Int32,System.Int32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.UInt16);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.UInt32);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;Append;(System.UInt64);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[2];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[2];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[3];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[2];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[3];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[4];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object,System.Object,System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.IFormatProvider,System.String,System.Object[]);;Element of Argument[2];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[2];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[2];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[3];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object,System.Object,System.Object);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendFormat;(System.String,System.Object[]);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.Char,System.Object[]);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.Char,System.String[]);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.String,System.Object[]);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendJoin;(System.String,System.String[]);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin<>;(System.Char,System.Collections.Generic.IEnumerable<T>);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendJoin<>;(System.Char,System.Collections.Generic.IEnumerable<T>);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin<>;(System.String,System.Collections.Generic.IEnumerable<T>);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendJoin<>;(System.String,System.Collections.Generic.IEnumerable<T>);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendJoin<>;(System.String,System.Collections.Generic.IEnumerable<T>);;Element of Argument[1];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendLine;();;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[0];Element of Argument[-1];value",
|
||||
"System.Text;StringBuilder;false;AppendLine;(System.String);;Argument[-1];ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;StringBuilder;(System.String);;Argument[0];Element of ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32);;Argument[0];Element of ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;StringBuilder;(System.String,System.Int32,System.Int32,System.Int32);;Argument[0];Element of ReturnValue;value",
|
||||
"System.Text;StringBuilder;false;ToString;();;Element of Argument[-1];ReturnValue;taint",
|
||||
"System.Text;StringBuilder;false;ToString;(System.Int32,System.Int32);;Element of Argument[-1];ReturnValue;taint",
|
||||
]
|
||||
}
|
||||
}
|
||||
|
||||
/** The `System.Text.Encoding` class. */
|
||||
class SystemTextEncodingClass extends SystemTextClass {
|
||||
SystemTextEncodingClass() { this.hasName("Encoding") }
|
||||
|
||||
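Review bot: The two `Append` rows that take a `System.Text.StringBuilder` argument (`(System.Text.StringBuilder)` and `(System.Text.StringBuilder,System.Int32,System.Int32)`) model only `Argument[-1]` to `ReturnValue`, so content held in the appended builder is not carried into the receiver, and a tainted builder appended to a clean one would go untracked. The name-based predicate removed by this commit appears to have had the same gap, since it only considered string, object and collection parameters, so this is a follow-up rather than a regression. Consider adding `"System.Text;StringBuilder;false;Append;(System.Text.StringBuilder);;Element of Argument[0];Element of Argument[-1];value"` and the matching row for the three-argument overload. Because the rows are now keyed on exact signatures, where the old predicate matched `Append(Format|Line|Join)?` by name, it is also worth extending the class comment with something like `Rows are per-signature; new Append* overloads need new rows`, so that missing flow is not mistaken for absence of taint.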