C#: Escape IDs in TRAP label definitions

2026-05-05 05:35:13 +02:00 · 2021-05-06 10:45:37 +02:00
parent 059a5f35fa
commit fab8400ecd
72 changed files with 486 additions and 169 deletions
--- a/csharp/extractor/Semmle.Extraction/Entities/Base/Entity.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/Base/Entity.cs
@@ -15,9 +15,14 @@ namespace Semmle.Extraction

        public Label Label { get; set; }

-        public abstract void WriteId(TextWriter trapFile);
+        public abstract void WriteId(EscapingTextWriter trapFile);

-        public abstract void WriteQuotedId(TextWriter trapFile);
+        public virtual void WriteQuotedId(EscapingTextWriter trapFile)
+        {
+            trapFile.WriteUnescaped("@\"");
+            WriteId(trapFile);
+            trapFile.WriteUnescaped('\"');
+        }

        public abstract Location? ReportingLocation { get; }

@@ -27,9 +32,10 @@ namespace Semmle.Extraction
        {
            trapFile.WriteLabel(this);
            trapFile.Write("=");
+            using var escaping = new EscapingTextWriter(trapFile);
            try
            {
-                WriteQuotedId(trapFile);
+                WriteQuotedId(escaping);
            }
            catch (Exception ex)  // lgtm[cs/catch-of-all-exceptions]
            {
@@ -51,7 +57,7 @@ namespace Semmle.Extraction
        /// </summary>
        public string GetDebugLabel()
        {
-            using var writer = new StringWriter();
+            using var writer = new EscapingTextWriter();
            writer.WriteLabel(Label.Value);
            writer.Write('=');
            WriteQuotedId(writer);
--- a/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/Base/IEntity.cs
@@ -29,14 +29,14 @@ namespace Semmle.Extraction
        /// Writes the unique identifier of this entitiy to a trap file.
        /// </summary>
        /// <param name="trapFile">The trapfile to write to.</param>
-        void WriteId(TextWriter trapFile);
+        void WriteId(EscapingTextWriter trapFile);

        /// <summary>
        /// Writes the quoted identifier of this entity,
        /// which could be @"..." or *
        /// </summary>
        /// <param name="trapFile">The trapfile to write to.</param>
-        void WriteQuotedId(TextWriter trapFile);
+        void WriteQuotedId(EscapingTextWriter trapFile);

        /// <summary>
        /// The location for reporting purposes.
--- a/csharp/extractor/Semmle.Extraction/Entities/Base/LabelledEntity.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/Base/LabelledEntity.cs
@@ -7,12 +7,5 @@ namespace Semmle.Extraction
        protected LabelledEntity(Context cx) : base(cx)
        {
        }
-
-        public override void WriteQuotedId(TextWriter trapFile)
-        {
-            trapFile.Write("@\"");
-            WriteId(trapFile);
-            trapFile.Write('\"');
-        }
    }
 }
--- a/csharp/extractor/Semmle.Extraction/Entities/Base/UnlabelledEntity.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/Base/UnlabelledEntity.cs
@@ -9,14 +9,14 @@ namespace Semmle.Extraction
            cx.AddFreshLabel(this);
        }

-        public sealed override void WriteId(TextWriter writer)
+        public sealed override void WriteId(EscapingTextWriter writer)
        {
            writer.Write('*');
        }

-        public sealed override void WriteQuotedId(TextWriter writer)
+        public sealed override void WriteQuotedId(EscapingTextWriter writer)
        {
-            WriteId(writer);
+            writer.Write('*');
        }
    }
 }
--- a/csharp/extractor/Semmle.Extraction/Entities/File.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/File.cs
@@ -17,7 +17,7 @@ namespace Semmle.Extraction.Entities

        public override bool NeedsPopulation => true;

-        public override void WriteId(System.IO.TextWriter trapFile)
+        public override void WriteId(EscapingTextWriter trapFile)
        {
            trapFile.Write(TransformedPath.DatabaseId);
            trapFile.Write(";sourcefile");
--- a/csharp/extractor/Semmle.Extraction/Entities/Folder.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/Folder.cs
@@ -15,7 +15,7 @@ namespace Semmle.Extraction.Entities

        public override bool NeedsPopulation => true;

-        public override void WriteId(System.IO.TextWriter trapFile)
+        public override void WriteId(EscapingTextWriter trapFile)
        {
            trapFile.Write(Symbol.DatabaseId);
            trapFile.Write(";folder");
--- a/csharp/extractor/Semmle.Extraction/Entities/GeneratedFile.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/GeneratedFile.cs
@@ -13,7 +13,7 @@ namespace Semmle.Extraction.Entities
            trapFile.files(this, "", "", "");
        }

-        public override void WriteId(TextWriter trapFile)
+        public override void WriteId(EscapingTextWriter trapFile)
        {
            trapFile.Write("GENERATED;sourcefile");
        }
--- a/csharp/extractor/Semmle.Extraction/Entities/GeneratedLocation.cs
+++ b/csharp/extractor/Semmle.Extraction/Entities/GeneratedLocation.cs
@@ -17,7 +17,7 @@ namespace Semmle.Extraction.Entities
            trapFile.locations_default(this, generatedFile, 0, 0, 0, 0);
        }

-        public override void WriteId(TextWriter trapFile)
+        public override void WriteId(EscapingTextWriter trapFile)
        {
            trapFile.Write("loc,");
            trapFile.WriteSubId(generatedFile);