mirror of
https://github.com/github/codeql.git
synced 2026-04-22 07:15:15 +02:00
Add case for void-returning handler methods
@@ -251,10 +251,18 @@ private MethodCall getAPageCall(PageModelClass pm) {
|
||||
["Page", "RedirectToPage"])
|
||||
}
|
||||
|
||||
private MethodCall getImplicitThisCallInVoidHandler(PageModelClass pm) {
|
||||
result.getEnclosingCallable() = pm.getAHandlerMethod() and
|
||||
result.getEnclosingCallable().getReturnType() instanceof VoidType and
|
||||
result.hasImplicitThisQualifier()
|
||||
}
|
||||
|
||||
private class PageModelJumpNode extends DataFlow::NonLocalJumpNode {
|
||||
PageModelClass pm;
|
||||
|
||||
PageModelJumpNode() { this.asExpr() = getAPageCall(pm).getQualifier() }
|
||||
PageModelJumpNode() {
|
||||
this.asExpr() = [getAPageCall(pm), getImplicitThisCallInVoidHandler(pm)].getQualifier()
|
||||
}
|
||||
|
||||
override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {
|
||||
preservesValue = true and
|
||||
|
||||
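Review bot: `getImplicitThisCallInVoidHandler` only yields a result when the void handler contains a method call with an implicit `this` qualifier, so a handler that sets model properties without any such call (for example from a handler parameter or a property read) would apparently get no `PageModelJumpNode`, and the XSS flow into the `.cshtml` view would go unreported. The added `OnGet` test passes because `source()` is itself an instance method called on the implicit `this`; a second void handler that assigns `Name` from a handler parameter would show whether the gap is real. Handlers declared `async Task` with no result are not `VoidType` and do not call `Page()`, so they look uncovered as well. The new predicate also has no QLDoc; a comment such as `/** Gets a call with an implicit this qualifier inside a void-returning handler method of pm; its qualifier is used as the jump source. */` would explain why an arbitrary call serves as the anchor.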
@@ -5,12 +5,16 @@ using System.Threading.Tasks;
|
||||
namespace test;
|
||||
|
||||
class TestModel : PageModel {
|
||||
public string Name {get; set; } = "abc";
|
||||
public string Name { get; set; } = "abc";
|
||||
|
||||
private string source() { return "x"; }
|
||||
|
||||
public async Task<IActionResult> OnGetAsync() {
|
||||
public async Task<IActionResult> OnPostAsync() {
|
||||
Name = source();
|
||||
return Page();
|
||||
}
|
||||
|
||||
public void OnGet() {
|
||||
Name = source();
|
||||
}
|
||||
}
|
||||
@@ -1 +1,2 @@
|
||||
| TestPage.cshtml:5:16:5:25 | access to property Name | TestModel.cs:13:16:13:23 | call to method source | TestPage.cshtml:5:16:5:25 | access to property Name | Xss |
|
||||
| TestPage.cshtml:5:16:5:25 | access to property Name | TestModel.cs:18:16:18:23 | call to method source | TestPage.cshtml:5:16:5:25 | access to property Name | Xss |
|
||||
|
||||