C#: Recognize format methods without insertion parameters

2026-05-01 19:55:15 +02:00 · 2020-12-17 15:24:35 +01:00
parent 45893ab084
commit fe559c190e
3 changed files with 10 additions and 7 deletions
--- a/csharp/ql/src/semmle/code/csharp/frameworks/Format.qll
+++ b/csharp/ql/src/semmle/code/csharp/frameworks/Format.qll
@@ -13,7 +13,6 @@ class FormatMethod extends Method {
    exists(Class declType | declType = this.getDeclaringType() |
      this.getParameter(0).getType() instanceof SystemIFormatProviderInterface and
      this.getParameter(1).getType() instanceof StringType and
-      this.getNumberOfParameters() >= 3 and
      (
        this = any(SystemStringClass c).getFormatMethod()
        or
@@ -21,7 +20,6 @@ class FormatMethod extends Method {
      )
      or
      this.getParameter(0).getType() instanceof StringType and
-      this.getNumberOfParameters() >= 2 and
      (
        this = any(SystemStringClass c).getFormatMethod()
        or
--- a/Abuse/FormatMissingArgument/FormatMissingArgument.cs
+++ b/Abuse/FormatMissingArgument/FormatMissingArgument.cs
@@ -20,6 +20,9 @@ class Class1
        String.Format("{0} {1} {2} {3}", 0, 1, 2, 3);

        helper("{1}");
+
+        // BAD: Missing {0}
+        Console.WriteLine("{0}");
    }

    void helper(string format)
--- a/Abuse/FormatMissingArgument/FormatMissingArgument.expected
+++ b/Abuse/FormatMissingArgument/FormatMissingArgument.expected
@@ -5,18 +5,20 @@ nodes
 | FormatMissingArgument.cs:17:23:17:35 | "{0} {1} {2}" | semmle.label | "{0} {1} {2}" |
 | FormatMissingArgument.cs:20:23:20:39 | "{0} {1} {2} {3}" | semmle.label | "{0} {1} {2} {3}" |
 | FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | semmle.label | "{1}" : String |
-| FormatMissingArgument.cs:25:24:25:29 | format : String | semmle.label | format : String |
-| FormatMissingArgument.cs:28:23:28:28 | access to parameter format | semmle.label | access to parameter format |
+| FormatMissingArgument.cs:25:27:25:31 | "{0}" | semmle.label | "{0}" |
+| FormatMissingArgument.cs:28:24:28:29 | format : String | semmle.label | format : String |
+| FormatMissingArgument.cs:31:23:31:28 | access to parameter format | semmle.label | access to parameter format |
 | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | semmle.label | "Hello {0} {1}" |
 | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | semmle.label | "Hello {1} {2}" |
 | FormatMissingArgumentGood.cs:7:27:7:41 | "Hello {0} {1}" | semmle.label | "Hello {0} {1}" |
 edges
-| FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:25:24:25:29 | format : String |
-| FormatMissingArgument.cs:25:24:25:29 | format : String | FormatMissingArgument.cs:28:23:28:28 | access to parameter format |
+| FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:28:24:28:29 | format : String |
+| FormatMissingArgument.cs:28:24:28:29 | format : String | FormatMissingArgument.cs:31:23:31:28 | access to parameter format |
 #select
 | FormatMissingArgument.cs:11:9:11:31 | call to method Format | FormatMissingArgument.cs:11:23:11:27 | "{1}" | FormatMissingArgument.cs:11:23:11:27 | "{1}" | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgument.cs:11:23:11:27 | "{1}" | this |
 | FormatMissingArgument.cs:14:9:14:38 | call to method Format | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | Argument '{2}' has not been supplied to $@ format string. | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | this |
 | FormatMissingArgument.cs:14:9:14:38 | call to method Format | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | Argument '{3}' has not been supplied to $@ format string. | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | this |
-| FormatMissingArgument.cs:28:9:28:32 | call to method Format | FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:28:23:28:28 | access to parameter format | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgument.cs:22:16:22:20 | "{1}" | this |
+| FormatMissingArgument.cs:25:9:25:32 | call to method WriteLine | FormatMissingArgument.cs:25:27:25:31 | "{0}" | FormatMissingArgument.cs:25:27:25:31 | "{0}" | Argument '{0}' has not been supplied to $@ format string. | FormatMissingArgument.cs:25:27:25:31 | "{0}" | this |
+| FormatMissingArgument.cs:31:9:31:32 | call to method Format | FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:31:23:31:28 | access to parameter format | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgument.cs:22:16:22:20 | "{1}" | this |
 | FormatMissingArgumentBad.cs:7:9:7:49 | call to method WriteLine | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | this |
 | FormatMissingArgumentBad.cs:8:9:8:55 | call to method WriteLine | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | Argument '{2}' has not been supplied to $@ format string. | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | this |