calum
c9ffb38e4b
C#: Add sources and sinks in Winforms. Update some queries with new sources and sinks.
2019-01-18 15:42:44 +00:00
Tom Hvitved
dd99525566
C#: Redefine AccessorCall
...
The syntactic node associated with accessor calls was previously always the
underlying member access. For example, in
```
x.Prop = y.Prop;
```
the implicit call to `x.set_Prop()` was at the syntactic node `x.Prop`, while the
implicit call to `y.get_Prop()` was at the syntactic node `y.Prop`.
However, this breaks the invariant that arguments to calls dominate the call itself,
as the argument `y.Prop` for the implicit `value` parameter in `x.set_Prop()` will
be evaluated after the call (the left-hand side in an assignment is evaluated before
the right-hand side).
The solution is to redefine the access call to `x.set_Prop()` to point to the whole
assignment `x.Prop = y.Prop`, instead of the access `x.Prop`. For reads, we still want
to associate the accessor call with the member access.
A corner case arises when multiple setters are called in a tuple assignment:
```
(x.Prop1, x.Prop2) = (0, 1)
```
In this case, we cannot associate the assignment with both `x.set_Prop1()` and
`x.set_Prop2()`, so we instead revert to using the underlying member accesses as
before.
2019-01-18 13:56:23 +01:00
Tom Hvitved
2caf724826
C#: Add more tests
2019-01-18 12:07:22 +01:00
Tom Hvitved
b2f99dbbc7
C#: Teach data flow library about CFG splitting
...
Data flow nodes for expressions do not take CFG splitting into account. Example:
```
if (b)
    x = tainted;
x = x.ToLower();
if (!b)
    Use(x);
```
Flow is incorrectly reported from `tainted` to `x` in `Use(x)`, because the step
from `tainted` to `x.ToLower()` throws away the information that `b = true`.
The solution is to remember the splitting in data flow expression nodes, that is,
to represent the exact control flow node instead of just the expression. With that
we get flow from `tainted` to `[b = true] x.ToLower()`, but not from `tainted` to
`[b = false] x.ToLower()`.
The data flow API remains unchanged, but in order for analyses to fully benefit from
CFG splitting, sanitizers in particular should be CFG-based instead of expression-based:
```
if (b)
    x = tainted;
if (IsInvalid(x))
    return;
Use(x);
```
If the call to `IsInvalid()` is a sanitizer, then defining an expression node to be
a sanitizer using `GuardedExpr` will be too conservative (`x` in `Use(x)` is in fact
not guarded). However, `[b = true] x` in `[b = true] Use(x)` is guarded, and to help
define guard-based sanitizers, the class `GuardedDataFlowNode` has been introduced.
2019-01-16 10:39:27 +01:00
Max Schaefer
b4f400fb23
Merge remote-tracking branch 'upstream/next' into qlucie/master
2019-01-04 10:35:57 +00:00
Tom Hvitved
33fcbc958d
C#: Consider as expressions as maybe-null in cs/dereferenced-value-may-be-null
2018-12-20 14:54:48 +01:00
Tom Hvitved
ccda1c8d3d
C#: Add nullness test using an as expression
2018-12-20 14:54:48 +01:00
Tom Hvitved
b2500a0c26
Merge branch 'master' into csharp/maybe-null-path-query
2018-12-19 20:22:19 +01:00
calumgrant
dbd0c7e80a
Merge pull request #674 from hvitved/csharp/cache-get-label
...
C#: Cache `NamedElement::getLabel()`
2018-12-17 14:24:01 +00:00
Tom Hvitved
91e4f7ad83
C#: Make cs/dereferenced-value-may-be-null a path query
2018-12-14 12:07:16 +00:00
Tom Hvitved
e2f271bddb
C#: Add more guard implication steps
2018-12-14 12:03:32 +00:00
Tom Hvitved
078dc7b6c0
C#: Fix false positives in cs/dereferenced-value-may-be-null
2018-12-14 12:03:32 +00:00
Tom Hvitved
287ce4e683
C#: Add more nullness tests
2018-12-14 12:03:32 +00:00
Aditya Sharad
f92456fcad
Merge master into next.
...
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Tom Hvitved
1366638f06
C#: Fix whitespaces
2018-12-12 13:13:13 +01:00
calum
3037b2b197
C#: Sync the -Good and -Bad files in the qltest to match the sample.
2018-12-12 11:36:00 +00:00
Tom Hvitved
fce805834e
C#: Address review comments
2018-12-07 09:40:49 +01:00
Tom Hvitved
4739a6334e
C#: Fix a bug and generalize guards implication logic
2018-12-03 15:33:00 +01:00
Tom Hvitved
3b0d1599ad
C#: Teach guards library about unique assignments
...
For example, in
```
void M(object x)
{
    var y = x == null ? 1 : 2;
    if (y == 2)
        x.ToString();
}
```
the guard `y == 2` implies that the guard `x == null` must be false,
as the assignment of `2` to `y` is unique.
2018-11-30 17:43:10 +01:00
Tom Hvitved
ab9aa7d338
C#: Teach guards library about conditional assignments
...
For example, in
```
void M(object x)
{
    var y = x != null ? "" : null;
    if (y != null)
        x.ToString();
}
```
the guard `y != null` implies that the guard `x != null` must be true.
2018-11-30 17:41:36 +01:00
Tom Hvitved
80144a00c8
C#: Update nullness analyses
...
Port the SSA-based logic from the Java nullness analyses.
2018-11-30 17:41:31 +01:00
Tom Hvitved
d2a431e6f3
C#: Add more nullness tests
...
Port many of the nullness tests from Java, as well as add new tests.
2018-11-30 17:02:05 +01:00
Jonas Jensen
9babb4366b
Merge remote-tracking branch 'upstream/master' into mergeback-20181130
2018-11-30 10:13:33 +01:00
calum
6c6d7e4fff
C#: Fix false-positives in cs/index-out-of-bounds.
2018-11-28 17:42:08 +00:00
calum
6b2e339ec5
C#: Address QL review comments.
2018-11-22 11:45:41 +00:00
calum
1bfa4d59e7
C#: Documentation for cs/uncontrolled-format-string
2018-11-22 11:21:35 +00:00
calum
fb09360ad6
C#: New query for cs/uncontrolled-string-format
2018-11-22 11:21:35 +00:00
Tom Hvitved
201f64ef8e
Merge pull request #367 from calumgrant/cs/path-problems
...
C#: Update all security queries to path-problems
2018-11-22 12:02:11 +01:00
calum
69ab1ed5bd
C#: Add nodes predicate to all path queries.
2018-11-21 12:35:05 +00:00
calum
1aa5e24108
C#: Remove duplicate results from cs/use-of-vulnerable-package
2018-11-16 16:50:35 +00:00
calum
cf4b04a3ee
C#: Address review comments - adding .getNode() where appropriate.
2018-11-16 11:52:20 +00:00
calum
e908b090fd
C#: Always use PathNode in a path-problem query.
2018-11-16 10:32:24 +00:00
calum
eddc52852d
C#: Convert security queries to path-problem and update qltest expected output.
2018-11-16 10:31:20 +00:00
semmle-qlci
536f3f36b8
Merge pull request #428 from hvitved/csharp/more-guards
...
Approved by calumgrant
2018-11-15 15:07:56 +00:00
Tom Hvitved
dd6fd400aa
Merge pull request #335 from calumgrant/cs/cwe-937
...
C#: New query VulnerablePackage
2018-11-12 10:34:53 +01:00
Tom Hvitved
5921a9ea51
C#: Teach guards library about assertions
2018-11-08 20:21:34 +01:00
Tom Hvitved
67e64f21d8
C#: Fix whitespaces
2018-11-07 08:52:38 +01:00
semmle-qlci
33c02fe928
Merge pull request #355 from hvitved/csharp/guards-logic
...
Approved by calumgrant
2018-11-06 19:06:30 +00:00
calum
c003150ed8
C#: Add missing file.
2018-11-02 16:46:49 +00:00
calum
29df7f5e96
C#: Mark false-negatives.
2018-11-02 16:46:49 +00:00
calum
7fa442d127
C#: Merge tests.
2018-11-02 16:46:49 +00:00
calum
ae96b347e2
C#: Address review comments.
2018-11-02 16:46:49 +00:00
calum
62fb693924
C#: Tidy up code and fix performance of remote flow sources.
2018-11-02 16:45:48 +00:00
calum
2090d69c3f
C#: Tidy up tests.
2018-11-02 16:45:48 +00:00
calum
697e66e312
C#: Move test into subdirectory.
2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8
C#: qltest stubs for UrlRedirect.ASPNETCore
2018-11-02 16:45:47 +00:00
calum
4655acadb2
C#: Stubs for XSSFlowASPNetCore test.
2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef
C#: Add auto-generated stubs.
2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d
cs: Adding sources and sinks for ASPNET.Core
...
Initial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
```
<package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
<package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
<package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
<package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
<package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
<package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
<package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
<package id="Microsoft.NETCore.App" version="2.0.0" />
<package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
<package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
<package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
<package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
<package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
<package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
```
2018-11-02 16:45:47 +00:00
Tom Hvitved
665173692c
C#: Fix whitespaces
2018-10-30 13:15:46 +01:00