hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Use post-update nodes for this access in void handler

Browse Source
This commit is contained in:
Joe Farebrother
2024-01-04 14:25:21 +00:00
parent 7d11e4486e
commit e8c0fceb81
2 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
csharp/ql/lib/semmle/code/csharp/frameworks/Razor.qll
View File

@@ -4,6 +4,7 @@ private import csharp
private import codeql.util.Unit
private import codeql.util.FilePath
private import semmle.code.csharp.frameworks.microsoft.AspNetCore
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
/** A call to the `View` method */
private class ViewCall extends MethodCall {
@@ -251,17 +252,18 @@ private MethodCall getAPageCall(PageModelClass pm) {
["Page", "RedirectToPage"])
}
private MethodCall getThisCallInVoidHandler(PageModelClass pm) {
private ThisAccess getThisCallInVoidHandler(PageModelClass pm) {
result.getEnclosingCallable() = pm.getAHandlerMethod() and
result.getEnclosingCallable().getReturnType() instanceof VoidType and
result.getQualifier() instanceof ThisAccess
result.getEnclosingCallable().getReturnType() instanceof VoidType
}
private class PageModelJumpNode extends DataFlow::NonLocalJumpNode {
PageModelClass pm;
PageModelJumpNode() {
this.asExpr() = [getAPageCall(pm), getThisCallInVoidHandler(pm)].getQualifier()
this.asExpr() = getAPageCall(pm).getQualifier()
or
this.(PostUpdateNode).getPreUpdateNode().asExpr() = getThisCallInVoidHandler(pm)
}
override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {

6
csharp/ql/test/query-tests/Security Features/CWE-079/XssPageModels/test.expected
View File

@@ -3,10 +3,9 @@ edges
| TestModel.cs:13:21:13:28 | call to method source : String | TestModel.cs:13:9:13:12 | [post] this access : TestModel [property Name] : String |
| TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String | TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String |
| TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
| TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String | TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String |
| TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String | TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String |
| TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
| TestModel.cs:18:16:18:23 | call to method source : String | TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String |
| TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String | TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String |
| TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
| TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String | TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String |
| TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String | TestPage.cshtml:5:16:5:25 | access to property Name |
nodes
@@ -15,7 +14,6 @@ nodes
| TestModel.cs:14:16:14:21 | this access : TestModel [property Name] : String | semmle.label | this access : TestModel [property Name] : String |
| TestModel.cs:18:9:18:12 | [post] this access : TestModel [property Name] : String | semmle.label | [post] this access : TestModel [property Name] : String |
| TestModel.cs:18:16:18:23 | call to method source : String | semmle.label | call to method source : String |
| TestModel.cs:18:16:18:23 | this access : TestModel [property Name] : String | semmle.label | this access : TestModel [property Name] : String |
| TestPage.cshtml.g.cs:63:35:63:48 | access to property Model : TestModel [property Name] : String | semmle.label | access to property Model : TestModel [property Name] : String |
| TestPage.cshtml:5:16:5:20 | access to property Model : TestModel [property Name] : String | semmle.label | access to property Model : TestModel [property Name] : String |
| TestPage.cshtml:5:16:5:25 | access to property Name | semmle.label | access to property Name |