From f43feac324f2d05bc4c42e3e17f058137b54efa0 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 22 Aug 2022 15:54:28 +0200 Subject: [PATCH] C#: Add models as data models for Clear. --- .../code/csharp/dataflow/ExternalFlow.qll | 1 + .../semmle/code/csharp/frameworks/System.qll | 2 ++ .../frameworks/microsoft/VisualBasic.qll | 1 + .../code/csharp/frameworks/system/CodeDom.qll | 9 +++++++ .../csharp/frameworks/system/Collections.qll | 18 +++---------- .../frameworks/system/ComponentModel.qll | 2 ++ .../frameworks/system/Configuration.qll | 26 +++++++++++++++++++ .../code/csharp/frameworks/system/Data.qll | 5 ++++ .../csharp/frameworks/system/Security.qll | 13 ++++++++++ .../system/collections/Concurrent.qll | 21 ++++++++++++++- .../frameworks/system/collections/Generic.qll | 5 ++++ .../system/collections/Immutable.qll | 22 +++++++++++++--- .../system/collections/Specialized.qll | 9 +++++++ .../csharp/frameworks/system/data/Common.qll | 8 ++++++ .../csharp/frameworks/system/net/Http.qll | 8 ++++++ .../system/runtime/CompilerServices.qll | 8 ++++++ 16 files changed, 139 insertions(+), 19 deletions(-) create mode 100644 csharp/ql/lib/semmle/code/csharp/frameworks/system/Configuration.qll diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index 303c561721d..c735322c893 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -110,6 +110,7 @@ private module Frameworks { private import semmle.code.csharp.frameworks.system.collections.Specialized private import semmle.code.csharp.frameworks.system.ComponentModel private import semmle.code.csharp.frameworks.system.componentmodel.Design + private import semmle.code.csharp.frameworks.system.Configuration private import semmle.code.csharp.frameworks.system.Data private import semmle.code.csharp.frameworks.system.data.Common private import semmle.code.csharp.frameworks.system.Diagnostics diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index e878179d7f8..652ec19a86a 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -71,6 +71,8 @@ private class SystemArrayFlowModelCsv extends SummaryModelCsv { row = [ "System;Array;false;AsReadOnly<>;(T[]);;Argument[0].Element;ReturnValue.Element;value;manual", + "System;Array;false;Clear;(System.Array,System.Int32,System.Int32);;Argument[0].WithoutElement;Argument[0];value;manual", + "System;Array;false;Clear;(System.Array);;Argument[0].WithoutElement;Argument[0];value;manual", "System;Array;false;Clone;();;Argument[0].Element;ReturnValue.Element;value;manual", "System;Array;false;CopyTo;(System.Array,System.Int64);;Argument[this].Element;Argument[0].Element;value;manual", "System;Array;false;Find<>;(T[],System.Predicate);;Argument[0].Element;Argument[1].Parameter[0];value;manual", diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/VisualBasic.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/VisualBasic.qll index 721ce089846..74954bcc200 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/VisualBasic.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/VisualBasic.qll @@ -7,6 +7,7 @@ private class MicrosoftVisualBasicCollectionFlowModelCsv extends SummaryModelCsv override predicate row(string row) { row = [ + "Microsoft.VisualBasic;Collection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "Microsoft.VisualBasic;Collection;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual", "Microsoft.VisualBasic;Collection;false;get_Item;(System.Int32);;Argument[this].Element;ReturnValue;value;manual", "Microsoft.VisualBasic;Collection;false;get_Item;(System.Object);;Argument[this].Element;ReturnValue;value;manual", diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll index 400e9954866..2688f14a3fe 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll @@ -2,6 +2,7 @@ import csharp private import semmle.code.csharp.frameworks.System +private import semmle.code.csharp.dataflow.ExternalFlow /** The `System.CodeDome` namespace. */ class SystemCodeDomNamespace extends Namespace { @@ -10,3 +11,11 @@ class SystemCodeDomNamespace extends Namespace { this.hasName("CodeDom") } } + +/** Data flow for `System.CodeDom.CodeNamespaceImportCollection`. */ +private class SystemCodeDomCodeNamespaceImportCollectionFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + "System.CodeDom;CodeNamespaceImportCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" + } +} diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll index f5ca63d3eb6..7a12a1546ef 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll @@ -46,20 +46,6 @@ private class SystemCollectionIEnumerableFlowModelCsv extends SummaryModelCsv { } } -/** Clear content for Clear methods in all subtypes of `System.Collections.IEnumerable`. */ -private class SystemCollectionsIEnumerableClearFlow extends SummarizedCallable { - SystemCollectionsIEnumerableClearFlow() { - this.getDeclaringType().(RefType).getABaseType*() instanceof - SystemCollectionsIEnumerableInterface and - this.hasName("Clear") - } - - override predicate clearsContent(ParameterPosition pos, DataFlow::ContentSet content) { - (if this.(Modifiable).isStatic() then pos.getPosition() = 0 else pos.isThisParameter()) and - content instanceof DataFlow::ElementContent - } -} - /** The `System.Collections.IEnumerator` interface. */ class SystemCollectionsIEnumeratorInterface extends SystemCollectionsInterface { SystemCollectionsIEnumeratorInterface() { this.hasName("IEnumerator") } @@ -96,6 +82,7 @@ private class SystemCollectionsIListFlowModelCsv extends SummaryModelCsv { row = [ "System.Collections;IList;true;Add;(System.Object);;Argument[0];Argument[this].Element;value;manual", + "System.Collections;IList;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections;IList;true;Insert;(System.Int32,System.Object);;Argument[1];Argument[this].Element;value;manual", "System.Collections;IList;true;get_Item;(System.Int32);;Argument[this].Element;ReturnValue;value;manual", "System.Collections;IList;true;set_Item;(System.Int32,System.Object);;Argument[1];Argument[this].Element;value;manual", @@ -115,6 +102,7 @@ private class SystemCollectionsIDictionaryFlowModelCsv extends SummaryModelCsv { [ "System.Collections;IDictionary;true;Add;(System.Object,System.Object);;Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];value;manual", "System.Collections;IDictionary;true;Add;(System.Object,System.Object);;Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual", + "System.Collections;IDictionary;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections;IDictionary;true;get_Item;(System.Object);;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];ReturnValue;value;manual", "System.Collections;IDictionary;true;get_Keys;();;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];ReturnValue.Element;value;manual", "System.Collections;IDictionary;true;get_Values;();;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];ReturnValue.Element;value;manual", @@ -194,6 +182,7 @@ private class SystemCollectionsQueueFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = [ + "System.Collections;Queue;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections;Queue;false;Clone;();;Argument[0].Element;ReturnValue.Element;value;manual", "System.Collections;Queue;false;Peek;();;Argument[this].Element;ReturnValue;value;manual", ] @@ -205,6 +194,7 @@ private class SystemCollectionsStackFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = [ + "System.Collections;Stack;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections;Stack;false;Clone;();;Argument[0].Element;ReturnValue.Element;value;manual", "System.Collections;Stack;false;Peek;();;Argument[this].Element;ReturnValue;value;manual", "System.Collections;Stack;false;Pop;();;Argument[this].Element;ReturnValue;value;manual", diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/ComponentModel.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/ComponentModel.qll index 3eb5de6fd6f..fee6e5ce86d 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/ComponentModel.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/ComponentModel.qll @@ -12,6 +12,7 @@ private class SystemComponentModelPropertyDescriptorCollectionFlowModelCsv exten "System.ComponentModel;PropertyDescriptorCollection;false;Add;(System.ComponentModel.PropertyDescriptor);;Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual", "System.ComponentModel;PropertyDescriptorCollection;false;Add;(System.Object);;Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];value;manual", "System.ComponentModel;PropertyDescriptorCollection;false;Add;(System.Object);;Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual", + "System.ComponentModel;PropertyDescriptorCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.ComponentModel;PropertyDescriptorCollection;false;Find;(System.String,System.Boolean);;Argument[this].Element;ReturnValue;value;manual", "System.ComponentModel;PropertyDescriptorCollection;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual", "System.ComponentModel;PropertyDescriptorCollection;false;Insert;(System.Int32,System.ComponentModel.PropertyDescriptor);;Argument[1];Argument[this].Element;value;manual", @@ -37,6 +38,7 @@ private class SystemComponentModelEventDescriptorCollectionFlowModelCsv extends row = [ "System.ComponentModel;EventDescriptorCollection;false;Add;(System.ComponentModel.EventDescriptor);;Argument[0];Argument[this].Element;value;manual", + "System.ComponentModel;EventDescriptorCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.ComponentModel;EventDescriptorCollection;false;Find;(System.String,System.Boolean);;Argument[this].Element;ReturnValue;value;manual", "System.ComponentModel;EventDescriptorCollection;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual", "System.ComponentModel;EventDescriptorCollection;false;Insert;(System.Int32,System.ComponentModel.EventDescriptor);;Argument[1];Argument[this].Element;value;manual", diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Configuration.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Configuration.qll new file mode 100644 index 00000000000..ab28ed772bd --- /dev/null +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Configuration.qll @@ -0,0 +1,26 @@ +/** Provides definitions related to the namespace `System.Configuration`. */ + +import csharp +private import semmle.code.csharp.dataflow.ExternalFlow + +/** Data flow for some collection classes in `System.Configuration.*`. */ +private class SystemClearFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "System.Configuration;CommaDelimitedStringCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;ConfigurationLockCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;ConfigurationPropertyCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;ConfigurationSectionCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;ConfigurationSectionGroupCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;ConnectionStringSettingsCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;KeyValueConfigurationCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;NameValueConfigurationCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;ProviderSettingsCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;SettingElementCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;SettingsPropertyCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration;SettingsPropertyValueCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Configuration.Provider;ProviderCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + ] + } +} diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll index bc671003a42..0c91f35cbcd 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll @@ -150,6 +150,7 @@ private class SystemDataConstraintCollectionFlowModelCsv extends SummaryModelCsv [ "System.Data;ConstraintCollection;false;Add;(System.Data.Constraint);;Argument[0];Argument[this].Element;value;manual", "System.Data;ConstraintCollection;false;AddRange;(System.Data.Constraint[]);;Argument[0].Element;Argument[this].Element;value;manual", + "System.Data;ConstraintCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Data;ConstraintCollection;false;CopyTo;(System.Data.Constraint[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", ] } @@ -163,6 +164,7 @@ private class SystemDataDataColumnCollectionFlowModelCsv extends SummaryModelCsv "System.Data;DataColumnCollection;false;Add;(System.Data.DataColumn);;Argument[0];Argument[this].Element;value;manual", "System.Data;DataColumnCollection;false;Add;(System.String);;Argument[0];Argument[this].Element;value;manual", "System.Data;DataColumnCollection;false;AddRange;(System.Data.DataColumn[]);;Argument[0].Element;Argument[this].Element;value;manual", + "System.Data;DataColumnCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Data;DataColumnCollection;false;CopyTo;(System.Data.DataColumn[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", ] } @@ -174,6 +176,7 @@ private class SystemDataDataRelationCollectionFlowModelCsv extends SummaryModelC row = [ "System.Data;DataRelationCollection;false;Add;(System.Data.DataRelation);;Argument[0];Argument[this].Element;value;manual", + "System.Data;DataRelationCollection;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Data;DataRelationCollection;false;CopyTo;(System.Data.DataRelation[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", "System.Data;DataRelationCollection;true;AddRange;(System.Data.DataRelation[]);;Argument[0].Element;Argument[this].Element;value;manual", ] @@ -187,6 +190,7 @@ private class SystemDataDataRawCollectionFlowModelCsv extends SummaryModelCsv { [ "System.Data;DataRowCollection;false;Add;(System.Data.DataRow);;Argument[0];Argument[this].Element;value;manual", "System.Data;DataRowCollection;false;Add;(System.Object[]);;Argument[0];Argument[this].Element;value;manual", + "System.Data;DataRowCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Data;DataRowCollection;false;CopyTo;(System.Data.DataRow[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", "System.Data;DataRowCollection;false;Find;(System.Object);;Argument[this].Element;ReturnValue;value;manual", "System.Data;DataRowCollection;false;Find;(System.Object[]);;Argument[this].Element;ReturnValue;value;manual", @@ -202,6 +206,7 @@ private class SystemDataDataTableCollectionFlowModelCsv extends SummaryModelCsv "System.Data;DataTableCollection;false;Add;(System.Data.DataTable);;Argument[0];Argument[this].Element;value;manual", "System.Data;DataTableCollection;false;Add;(System.String);;Argument[0];Argument[this].Element;value;manual", "System.Data;DataTableCollection;false;AddRange;(System.Data.DataTable[]);;Argument[0].Element;Argument[this].Element;value;manual", + "System.Data;DataTableCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Data;DataTableCollection;false;CopyTo;(System.Data.DataTable[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", ] } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll index 02325e19383..15bfbeaef9f 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Security.qll @@ -1,6 +1,7 @@ /** Provides classes related to the namespace `System.Security`. */ import csharp +private import semmle.code.csharp.dataflow.ExternalFlow private import semmle.code.csharp.frameworks.System /** The `System.Security` namespace. */ @@ -15,3 +16,15 @@ class SystemSecurityNamespace extends Namespace { class SystemSecurityClass extends Class { SystemSecurityClass() { this.getNamespace() instanceof SystemSecurityNamespace } } + +/** Data flow for some collection like classes in `System.Security.*`. */ +private class SystemSecurityPolicyApplicationTrustCollectionFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "System.Security.Permissions;KeyContainerPermissionAccessEntryCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Security.Policy;ApplicationTrustCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Security.Policy;Evidence;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + ] + } +} diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Concurrent.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Concurrent.qll index 34a827ee538..34022715227 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Concurrent.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Concurrent.qll @@ -44,6 +44,25 @@ private class SystemCollectionsConcurrentIProducerConsumerCollectionFlowModelCsv private class SystemCollectionsConcurrentConcurrentBagFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = - "System.Collections.Concurrent;ConcurrentBag<>;false;Add;(T);;Argument[0];Argument[this].Element;value;manual" + [ + "System.Collections.Concurrent;ConcurrentBag<>;false;Add;(T);;Argument[0];Argument[this].Element;value;manual", + "System.Collections.Concurrent;ConcurrentBag<>;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + ] + } +} + +/** Data flow for `System.Collections.Concurrent.ConcurrentQueue<>`. */ +private class SystemCollectionsConcurrentConcurrentQueueFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + "System.Collections.Concurrent;ConcurrentQueue<>;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" + } +} + +/** Data flow for `System.Collections.Concurrent.ConcurrentStack<>`. */ +private class SystemCollectionsConcurrentConcurrentStackFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + "System.Collections.Concurrent;ConcurrentStack<>;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" } } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll index 737dddd0ea5..9668ec4686b 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll @@ -197,6 +197,7 @@ private class SystemCollectionsGenericICollectionFlowModelCsv extends SummaryMod row = [ "System.Collections.Generic;ICollection<>;true;Add;(T);;Argument[0];Argument[this].Element;value;manual", + "System.Collections.Generic;ICollection<>;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections.Generic;ICollection<>;true;CopyTo;(T[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", ] } @@ -289,6 +290,8 @@ private class SystemCollectionsGenericSortedListFlowModelCsv extends SummaryMode "System.Collections.Generic;SortedList<,>;false;SortedList;(System.Collections.Generic.IDictionary,System.Collections.Generic.IComparer);;Argument[0].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual", "System.Collections.Generic;SortedList<,>;false;get_Keys;();;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];ReturnValue.Element;value;manual", "System.Collections.Generic;SortedList<,>;false;get_Values;();;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];ReturnValue.Element;value;manual", + "System.Collections.Generic;SortedList<,>+KeyList;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", + "System.Collections.Generic;SortedList<,>+ValueList;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", ] } } @@ -298,6 +301,7 @@ private class SystemCollectionsGenericQueueFlowModelCsv extends SummaryModelCsv override predicate row(string row) { row = [ + "System.Collections.Generic;Queue<>;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections.Generic;Queue<>;false;CopyTo;(T[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", "System.Collections.Generic;Queue<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.Queue<>+Enumerator.Current];value;manual", "System.Collections.Generic;Queue<>;false;Peek;();;Argument[this].Element;ReturnValue;value;manual", @@ -310,6 +314,7 @@ private class SystemCollectionsGenericStackFlowModelCsv extends SummaryModelCsv override predicate row(string row) { row = [ + "System.Collections.Generic;Stack<>;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections.Generic;Stack<>;false;CopyTo;(T[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", "System.Collections.Generic;Stack<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Generic.Stack<>+Enumerator.Current];value;manual", "System.Collections.Generic;Stack<>;false;Peek;();;Argument[this].Element;ReturnValue;value;manual", diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Immutable.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Immutable.qll index 8440db4d7e7..2264730c5df 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Immutable.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Immutable.qll @@ -6,7 +6,10 @@ private import semmle.code.csharp.dataflow.ExternalFlow private class SystemCollectionsImmutableIImmutableDictionaryFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = - "System.Collections.Immutable;IImmutableDictionary<,>;true;AddRange;(System.Collections.Generic.IEnumerable>);;Argument[0].Element;Argument[this].Element;value;manual" + [ + "System.Collections.Immutable;IImmutableDictionary<,>;true;AddRange;(System.Collections.Generic.IEnumerable>);;Argument[0].Element;Argument[this].Element;value;manual", + "System.Collections.Immutable;IImmutableDictionary<,>;true;Clear;();;Argument[this].WithoutElement;ReturnValue;value;manual", + ] } } @@ -65,6 +68,7 @@ private class SystemCollectionsImmutableIImmutableListFlowModelCsv extends Summa [ "System.Collections.Immutable;IImmutableList<>;true;Add;(T);;Argument[0];Argument[this].Element;value;manual", "System.Collections.Immutable;IImmutableList<>;true;AddRange;(System.Collections.Generic.IEnumerable);;Argument[0].Element;Argument[this].Element;value;manual", + "System.Collections.Immutable;IImmutableList<>;true;Clear;();;Argument[this].WithoutElement;ReturnValue;value;manual", ] } } @@ -124,7 +128,10 @@ private class SystemCollectionsImmutableImmutableSortedSetFlowModelCsv extends S private class SystemCollectionsImmutableIImmutableSetFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = - "System.Collections.Immutable;IImmutableSet<>;true;Add;(T);;Argument[0];Argument[this].Element;value;manual" + [ + "System.Collections.Immutable;IImmutableSet<>;true;Add;(T);;Argument[0];Argument[this].Element;value;manual", + "System.Collections.Immutable;IImmutableSet<>;true;Clear;();;Argument[this].WithoutElement;ReturnValue;value;manual", + ] } } @@ -153,6 +160,7 @@ private class SystemCollectionsImmutableImmutableHashSetFlowModelCsv extends Sum [ "System.Collections.Immutable;ImmutableHashSet<>+Builder;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableHashSet<>+Enumerator.Current];value;manual", "System.Collections.Immutable;ImmutableHashSet<>;false;Add;(T);;Argument[0];Argument[this].Element;value;manual", + "System.Collections.Immutable;ImmutableHashSet<>;false;Clear;();;Argument[this].WithoutElement;ReturnValue;value;manual", "System.Collections.Immutable;ImmutableHashSet<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableHashSet<>+Enumerator.Current];value;manual", ] } @@ -162,7 +170,10 @@ private class SystemCollectionsImmutableImmutableHashSetFlowModelCsv extends Sum private class SystemCollectionsImmutableImmutableQueueFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = - "System.Collections.Immutable;ImmutableQueue<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableQueue<>+Enumerator.Current];value;manual" + [ + "System.Collections.Immutable;IImmutableQueue<>;true;Clear;();;Argument[this].WithoutElement;ReturnValue;value;manual", + "System.Collections.Immutable;ImmutableQueue<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableQueue<>+Enumerator.Current];value;manual", + ] } } @@ -170,6 +181,9 @@ private class SystemCollectionsImmutableImmutableQueueFlowModelCsv extends Summa private class SystemCollectionsImmutableImmutableStackFlowModelCsv extends SummaryModelCsv { override predicate row(string row) { row = - "System.Collections.Immutable;ImmutableStack<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableStack<>+Enumerator.Current];value;manual" + [ + "System.Collections.Immutable;IImmutableStack<>;true;Clear;();;Argument[this].WithoutElement;ReturnValue;value;manual", + "System.Collections.Immutable;ImmutableStack<>;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.Immutable.ImmutableStack<>+Enumerator.Current];value;manual", + ] } } diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll index acdd2adc473..16da8fe1087 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Specialized.qll @@ -30,6 +30,7 @@ private class SystemCollectionsSpecializedNameValueCollectionFlowModelCsv extend row = [ "System.Collections.Specialized;NameValueCollection;false;Add;(System.Collections.Specialized.NameValueCollection);;Argument[0];Argument[this].Element;value;manual", + "System.Collections.Specialized;NameValueCollection;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual", "System.Collections.Specialized;NameValueCollection;false;CopyTo;(System.Array,System.Int32);;Argument[this].Element;Argument[0].Element;value;manual", ] } @@ -70,3 +71,11 @@ private class SystemCollectionsSpecializedStringCollectionFlowModelCsv extends S ] } } + +/** Data flow for `System.Collections.Specialized.StringDictionary`. */ +private class SystemCollectionsSpecializedStringDictionaryFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + "System.Collections.Specialized;StringDictionary;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" + } +} diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll index e9c97335ce7..522e107a91b 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/data/Common.qll @@ -95,3 +95,11 @@ private class SystemDataCommonDbParameterCollectionFlowModelCsv extends External ] } } + +/** Data flow for `System.Data.Common.DbBatchCommandCollection`. */ +private class SystemDataCommonDbBatchCommandCollectionFlowModelCsv extends ExternalFlow::SummaryModelCsv { + override predicate row(string row) { + row = + "System.Data.Common;DbBatchCommandCollection;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" + } +} diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Http.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Http.qll index 574945867ac..7096adee635 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Http.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/net/Http.qll @@ -28,3 +28,11 @@ private class SystemNetHttpMultipartFormDataContentFlowModelCsv extends SummaryM "System.Net.Http;MultipartFormDataContent;false;Add;(System.Net.Http.HttpContent);;Argument[0];Argument[this].Element;value;manual" } } + +/** Data flow for `System.Net.Http.Headers.HttpHeaders`. */ +private class SystemNetHttpHeadersHttpHeadersFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + "System.Net.Http.Headers;HttpHeaders;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" + } +} diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll index e0b2b54f59b..705896a5b0a 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/runtime/CompilerServices.qll @@ -103,3 +103,11 @@ private class SystemRuntimeCompilerServicesReadOnlyCollectionBuilderFlowModelCsv ] } } + +/** Data flow for `System.Runtime.CompilerServices.ConditionalWeakTable<,>`. */ +private class SystemRuntimeCompilerServicesConditionalWeakTableFlowModelCsv extends SummaryModelCsv { + override predicate row(string row) { + row = + "System.Runtime.CompilerServices;ConditionalWeakTable<,>;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual" + } +}