hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

C#: Consider FileStreams StoredFlowSources and propagate taint via StreamReader.

Browse Source
This commit is contained in:
Michael Nebel
2022-08-02 13:45:32 +02:00
parent 2b51e03223
commit f1cc7bb60c
3 changed files with 22 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
View File

@@ -383,7 +383,7 @@ module CsvValidation {
or
exists(string row, string kind | sourceModel(row) |
kind = row.splitAt(";", 7) and
not kind = "local" and
not kind = ["local", "file"] and
msg = "Invalid kind \"" + kind + "\" in source model."
)
}

15
csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
View File

@@ -179,6 +179,7 @@ class SystemIOMemoryStreamClass extends SystemIOClass {
}
}
/** Data flow for `System.IO.MemoryStream`. */
private class SystemIOMemoryStreamFlowModelCsv extends SummaryModelCsv {
override predicate row(string row) {
row =
@@ -192,3 +193,17 @@ private class SystemIOMemoryStreamFlowModelCsv extends SummaryModelCsv {
]
}
}
/** Sources for `System.IO.FileStream`. */
private class SystemIOFileStreamSourceModelCsv extends SourceModelCsv {
override predicate row(string row) {
row = "System.IO;FileStream;false;FileStream;;;Argument[Qualifier];file;manual"
}
}
/** Data flow for `System.IO.StreamReader`. */
private class SystemIOStreamSummaryModelCsv extends SummaryModelCsv {
override predicate row(string row) {
row = "System.IO;StreamReader;false;StreamReader;;;Argument[0];Argument[Qualifier];taint;manual"
}
}

6
csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
View File

@@ -3,6 +3,7 @@
*/
import csharp
private import semmle.code.csharp.dataflow.ExternalFlow
private import semmle.code.csharp.frameworks.system.data.Common
private import semmle.code.csharp.frameworks.system.data.Entity
private import semmle.code.csharp.frameworks.EntityFramework
@@ -55,3 +56,8 @@ class ORMMappedProperty extends StoredFlowSource {
this instanceof NHibernate::StoredFlowSource
}
}
/** A file stream source is considered a stored flow source. */
class FileStreamStoredFlowSource extends StoredFlowSource {
FileStreamStoredFlowSource() { sourceNode(this, "file") }
}