commandargs sources

csharp/ql/lib/ext/System.model.yml

@@ -7,6 +7,8 @@ extensions:
       - ["System", "Console", False, "ReadKey", "", "", "ReturnValue", "local", "manual"]
       - ["System", "Console", False, "ReadLine", "", "", "ReturnValue", "local", "manual"]
       - ["System", "Environment", False, "ExpandEnvironmentVariables", "", "", "ReturnValue", "environment", "manual"]
+      - ["System", "Environment", False, "GetCommandLineArgs", "", "", "ReturnValue", "commandargs", "manual"]
+      - ["System", "Environment", False, "get_CommandLine", "", "", "ReturnValue", "commandargs", "manual"]
       - ["System", "Environment", False, "GetEnvironmentVariable", "", "", "ReturnValue", "environment", "manual"]
       - ["System", "Environment", False, "GetEnvironmentVariables", "", "", "ReturnValue", "environment", "manual"]
   - addsTo:

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Local.qll

@@ -6,6 +6,7 @@ import csharp
 private import semmle.code.csharp.frameworks.system.windows.Forms
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
+private import semmle.code.csharp.commons.Util
 
 /** A data flow source of local data. */
 abstract class LocalFlowSource extends SourceNode {
@@ -30,9 +31,27 @@ class TextFieldSource extends LocalUserInputSource {
   override string getSourceType() { result = "TextBox text" }
 }
 
+/**
+ * A dataflow source that represents the access of an environment variable.
+ */
 abstract class EnvironmentVariableSource extends LocalFlowSource {
   override string getThreatModel() { result = "environment" }
 
   override string getSourceType() { result = "environment variable" }
 }
 
+/**
+ * A dataflow source that represents the access of a command line argument.
+ */
+abstract class CommandLineArgumentSource extends LocalFlowSource {
+  override string getThreatModel() { result = "commandargs" }
+
+  override string getSourceType() { result = "command line argument" }
+}
+
+/**
+ * A data flow source that represents the parameters of the `Main` method of a program.
+ */
+private class MainMethodArgumentSource extends CommandLineArgumentSource {
+  MainMethodArgumentSource() { this.asParameter() = any(MainMethod mainMethod).getAParameter() }
+}

csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.cs

@@ -0,0 +1,17 @@
+using System;
+
+namespace CommandArgs
+{
+    class CommandArgsUse
+    {
+        public static void M1()
+        {
+            string result = Environment.GetCommandLineArgs()[0];
+        }
+
+        public static void M2()
+        {
+            string result = Environment.CommandLine;
+        }
+    }
+}

csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.expected

@@ -0,0 +1,2 @@
+| CommandArgs.cs:9:29:9:60 | call to method GetCommandLineArgs |
+| CommandArgs.cs:14:29:14:51 | access to property CommandLine |

csharp/ql/test/library-tests/dataflow/flowsources/local/commandargs/CommandArgs.ql

@@ -0,0 +1,6 @@
+import csharp
+import semmle.code.csharp.dataflow.internal.ExternalFlow
+
+from DataFlow::Node source
+where sourceNode(source, "commandargs")
+select source