C#: Only track taint through conversion operators defined in libraries

2025-12-17 01:03:14 +01:00 · 2019-11-28 15:21:04 +01:00
parent ce16bc553a
commit af453d081e
6 changed files with 40 additions and 54 deletions
--- a/csharp/ql/test/library-tests/dataflow/local/LocalDataFlow.cs
+++ b/csharp/ql/test/library-tests/dataflow/local/LocalDataFlow.cs
@@ -444,12 +444,6 @@ public class LocalDataFlow
        var sink74 = sink0 ?? nonSink0;
        Check(sink73);
        Check(sink74);
-
-        LocalDataFlow sink75 = sink74;
-        Check(sink75);
-
-        LocalDataFlow sink76 = (LocalDataFlow)sink66;
-        Check(sink76);
    }

    static void Check<T>(T x) { }
@@ -492,7 +486,11 @@ public class LocalDataFlow
        foreach(var o in os2 = os) { }
    }

-    public static implicit operator LocalDataFlow(string s) => null;
+    public static implicit operator LocalDataFlow(string[] args) => null;

-    public static explicit operator LocalDataFlow(int x) => null;
+    public void ConversionFlow(string[] args)
+    {
+        Span<object> span = args; // flow (library operator)
+        LocalDataFlow x = args; // no flow (source code operator)
+    }
 }