hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 13:45:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Introduce data flow return nodes

Browse Source 
Before this change,

```
flowOutOfCallableStep(CallNode call, ReturnNode ret, OutNode out, CallContext cc)
```

would compute all combinations of call sites `call` and returned expressions `ret`
up front.

Now, we instead introduce explicit return nodes, so each callable has exactly
one return node (as well as one for each `out`/`ref` parameter). There is then
local flow from a returned expression to the relevant return node, and
`flowOutOfCallableStep()` computes combinations of call sites and return nodes.

Not only does this result in better performance, it also makes `flowOutOfCallableStep()`
symmetric to `flowIntoCallableStep()`, where each argument is mapped to a parameter,
and not to all reads of that parameter.
This commit is contained in:
Tom Hvitved
2019-03-01 15:50:10 +01:00
parent e6630cda6b
commit e6f7632d4c
11 changed files with 297 additions and 163 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected
View File

@@ -1,23 +1,30 @@
edges
| InsecureRandomness.cs:21:26:21:45 | return | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString |
| InsecureRandomness.cs:28:29:28:43 | call to method Next | InsecureRandomness.cs:21:26:21:45 | return |
| InsecureRandomness.cs:28:29:28:43 | call to method Next | InsecureRandomness.cs:29:27:29:61 | call to method GetString |
| InsecureRandomness.cs:28:29:28:43 | call to method Next | InsecureRandomness.cs:31:16:31:32 | call to method ToString |
| InsecureRandomness.cs:29:27:29:61 | call to method GetString | InsecureRandomness.cs:21:26:21:45 | return |
| InsecureRandomness.cs:29:27:29:61 | call to method GetString | InsecureRandomness.cs:31:16:31:32 | call to method ToString |
| InsecureRandomness.cs:31:16:31:32 | call to method ToString | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString |
| InsecureRandomness.cs:31:16:31:32 | call to method ToString | InsecureRandomness.cs:21:26:21:45 | return |
| InsecureRandomness.cs:53:26:53:58 | return | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection |
| InsecureRandomness.cs:60:31:60:39 | call to method Next | InsecureRandomness.cs:53:26:53:58 | return |
| InsecureRandomness.cs:60:31:60:39 | call to method Next | InsecureRandomness.cs:62:16:62:32 | call to method ToString |
| InsecureRandomness.cs:62:16:62:32 | call to method ToString | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection |
| InsecureRandomness.cs:72:31:72:39 | call to method Next | InsecureRandomness.cs:74:16:74:21 | access to local variable result |
| InsecureRandomness.cs:74:16:74:21 | access to local variable result | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer |
| InsecureRandomness.cs:62:16:62:32 | call to method ToString | InsecureRandomness.cs:53:26:53:58 | return |
| InsecureRandomness.cs:65:26:65:56 | return | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer |
| InsecureRandomness.cs:72:31:72:39 | call to method Next | InsecureRandomness.cs:65:26:65:56 | return |
nodes
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString |
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection |
| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer |
| InsecureRandomness.cs:21:26:21:45 | return |
| InsecureRandomness.cs:28:29:28:43 | call to method Next |
| InsecureRandomness.cs:29:27:29:61 | call to method GetString |
| InsecureRandomness.cs:31:16:31:32 | call to method ToString |
| InsecureRandomness.cs:53:26:53:58 | return |
| InsecureRandomness.cs:60:31:60:39 | call to method Next |
| InsecureRandomness.cs:62:16:62:32 | call to method ToString |
| InsecureRandomness.cs:65:26:65:56 | return |
| InsecureRandomness.cs:72:31:72:39 | call to method Next |
| InsecureRandomness.cs:74:16:74:21 | access to local variable result |
#select
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next |
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | Cryptographically insecure random number is generated at $@ and used here in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next |

4
csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected
View File

@@ -6,7 +6,8 @@ edges
| InappropriateEncoding.cs:36:28:36:55 | call to method UrlEncode | InappropriateEncoding.cs:38:22:38:59 | ... + ... |
| InappropriateEncoding.cs:36:28:36:55 | call to method UrlEncode | InappropriateEncoding.cs:39:22:39:71 | call to method Format |
| InappropriateEncoding.cs:57:28:57:56 | call to method HtmlEncode | InappropriateEncoding.cs:58:31:58:42 | access to local variable encodedValue |
| InappropriateEncoding.cs:68:16:68:42 | call to method Replace | InappropriateEncoding.cs:15:28:15:40 | call to method Encode |
| InappropriateEncoding.cs:66:19:66:24 | return | InappropriateEncoding.cs:15:28:15:40 | call to method Encode |
| InappropriateEncoding.cs:68:16:68:42 | call to method Replace | InappropriateEncoding.cs:66:19:66:24 | return |
| SqlEncode.cs:16:62:16:87 | call to method Replace | SqlEncode.cs:17:46:17:50 | access to local variable query |
| UrlEncode.cs:12:43:12:69 | call to method HtmlEncode | UrlEncode.cs:12:31:12:69 | ... + ... |
nodes
@@ -25,6 +26,7 @@ nodes
| InappropriateEncoding.cs:39:22:39:71 | call to method Format |
| InappropriateEncoding.cs:57:28:57:56 | call to method HtmlEncode |
| InappropriateEncoding.cs:58:31:58:42 | access to local variable encodedValue |
| InappropriateEncoding.cs:66:19:66:24 | return |
| InappropriateEncoding.cs:68:16:68:42 | call to method Replace |
| SqlEncode.cs:16:62:16:87 | call to method Replace |
| SqlEncode.cs:17:46:17:50 | access to local variable query |