C#: Match up sources, alerts and sinks in the tests.

Michael Nebel
2025-04-23 11:42:45 +02:00
parent b6d2f14b9b
commit dcf11c2d4b
2 changed files with 26 additions and 27 deletions


@@ -23,33 +23,33 @@ class Class1
// GOOD: All arguments supplied to params
String.Format("{0} {1} {2} {3}", 0, 1, 2, 3);
helper("{1}"); // $ Source
helper("{1}"); // $ Source=source1
}
void helper(string format)
{
// BAD: Missing {1}
String.Format(format, 0); // $ Alert Sink
String.Format(format, 0); // $ Alert=source1 Sink=source1
}
void TestCompositeFormatMissingArgument()
{
var format0 = CompositeFormat.Parse("{0}");
var format1 = CompositeFormat.Parse("{1}"); // $ Source
var format1 = CompositeFormat.Parse("{1}"); // $ Source=source2
var format01 = CompositeFormat.Parse("{0}{1}");
var format23 = CompositeFormat.Parse("{2}{3}"); // $ Source
var format23 = CompositeFormat.Parse("{2}{3}"); // $ Source=source3
// GOOD: All args supplied
String.Format<string>(null, format0, "");
// BAD: Missing {1}
String.Format<string>(null, format1, ""); // $ Alert Sink
String.Format<string>(null, format1, ""); // $ Alert=source2 Sink=source2
// GOOD: All args supplied
String.Format<string, string>(null, format01, "", "");
// BAD: Missing {2} and {3}
String.Format<string, string>(null, format23, "", ""); // $ Alert Sink
String.Format<string, string>(null, format23, "", ""); // $ Alert=source3 Sink=source3
// GOOD: All arguments supplied
@@ -57,14 +57,14 @@ class Class1
sb.AppendFormat<string>(null, format0, "");
// BAD: Missing {1}
sb.AppendFormat(null, format1, ""); // $ Alert Sink
sb.AppendFormat<string>(null, format1, ""); // $ Alert Sink
sb.AppendFormat(null, format1, ""); // $ Alert=source2 Sink=source2
sb.AppendFormat<string>(null, format1, ""); // $ Alert=source2 Sink=source2
// GOOD: All args supplied
sb.AppendFormat<string, string>(null, format01, "", "");
// BAD: Missing {2} and {3}
sb.AppendFormat<string, string>(null, format23, "", ""); // $ Alert Sink
sb.AppendFormat<string, string>(null, format23, "", ""); // $ Alert=source3 Sink=source3
var span = new Span<char>();
@@ -74,14 +74,14 @@ class Class1
span.TryWrite<string>(null, format0, out _, "");
// BAD: Missing {1}
span.TryWrite(null, format1, out _, ""); // $ Alert Sink
span.TryWrite<string>(null, format1, out _, ""); // $ Alert Sink
span.TryWrite(null, format1, out _, ""); // $ Alert=source2 Sink=source2
span.TryWrite<string>(null, format1, out _, ""); // $ Alert=source2 Sink=source2
// GOOD: All args supplied
span.TryWrite<string, string>(null, format01, out _, "", "");
// BAD: Missing {2} and {3}
span.TryWrite<string, string>(null, format23, out _, "", ""); // $ Alert Sink
span.TryWrite<string, string>(null, format23, out _, "", ""); // $ Alert=source3 Sink=source3
}
object[] args;
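Review bot: The numbered tags `source1`–`source3` added in this file (and `source4`–`source6` in the second file's `CompositeFormatTests`) do not say which format string an expectation is paired with, so a reader has to scroll back to the declaration to decode each `Alert=`/`Sink=` value. Most tagged sources are already named locals, so reusing that name would make each line self-describing, for example `var format1 = CompositeFormat.Parse("{1}"); // $ Source=format1` with `sb.AppendFormat(null, format1, ""); // $ Alert=format1 Sink=format1`. This assumes the expectation syntax accepts any identifier as the tag value, which the page does not show. A one-line comment at the top of each test method, such as `// The tag value ties each Alert/Sink to the Source line it must originate from.`, would also document the convention for whoever adds the next case. The enclosing class and the tail of each method lie outside the hunks shown.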


@@ -45,41 +45,40 @@ class C
void CompositeFormatTests()
{
var format = CompositeFormat.Parse("X"); // $ Source
var format00 = CompositeFormat.Parse("{0}{0}"); // $ Source
var format11 = CompositeFormat.Parse("{1}{1}"); // $ Source
var format = CompositeFormat.Parse("X"); // $ Source=source4
var format00 = CompositeFormat.Parse("{0}{0}"); // $ Source=source5
var format11 = CompositeFormat.Parse("{1}{1}"); // $ Source=source6
// BAD: Unused arg {0}
String.Format<string>(null, format, ""); // $ Alert Sink
String.Format<string>(null, format, ""); // $ Alert=source4 Sink=source4
// BAD: Unused arg {1}
String.Format<string, string>(null, format00, "", ""); // $ Alert Sink
String.Format<string, string>(null, format00, "", ""); // $ Alert=source5 Sink=source5
// BAD: Unused arg {0}
String.Format<string, string>(null, format11, "", ""); // $ Alert Sink
String.Format<string, string>(null, format11, "", ""); // $ Alert=source6 Sink=source6
// BAD: Unused arg {0}
sb.AppendFormat(null, format, ""); // $ Alert Sink
sb.AppendFormat<string>(null, format, ""); // $ Alert Sink
sb.AppendFormat(null, format, ""); // $ Alert=source4 Sink=source4
sb.AppendFormat<string>(null, format, ""); // $ Alert=source4 Sink=source4
// BAD: Unused arg {1}
sb.AppendFormat<string, string>(null, format00, "", ""); // $ Alert Sink
sb.AppendFormat<string, string>(null, format00, "", ""); // $ Alert=source5 Sink=source5
// BAD: Unused arg {0}
sb.AppendFormat<string, string>(null, format11, "", ""); // $ Alert Sink
sb.AppendFormat<string, string>(null, format11, "", ""); // $ Alert=source6 Sink=source6
var span = new Span<char>();
// BAD: Unused arg {0}
span.TryWrite(null, format, out _, ""); // $ Alert Sink
span.TryWrite<string>(null, format, out _, ""); // $ Alert Sink
span.TryWrite(null, format, out _, ""); // $ Alert=source4 Sink=source4
span.TryWrite<string>(null, format, out _, ""); // $ Alert=source4 Sink=source4
// BAD: Unused arg {1}
span.TryWrite<string, string>(null, format00, out _, "", ""); // $ Alert Sink
span.TryWrite<string, string>(null, format00, out _, "", ""); // $ Alert=source5 Sink=source5
// BAD: Unused arg {0}
span.TryWrite<string, string>(null, format11, out _, "", ""); // $ Alert Sink
span.TryWrite<string, string>(null, format11, out _, "", ""); // $ Alert=source6 Sink=source6
}
object[] ps;