Skip to content

Commit 0e7fdbe

Browse files
michaelnebelmichaelnebel
authored
Merge pull request #7384 from michaelnebel/csharp-mad-xml
C#: Convert XML related flow summaries to CSV and fix flow summaries test cases.
2 parents 062f7fe + edf472b commit 0e7fdbe

File tree

7 files changed

+245
-401
lines changed

7 files changed

+245
-401
lines changed

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -100,6 +100,7 @@ private module Frameworks {
100100
private import semmle.code.csharp.frameworks.JsonNET
101101
private import semmle.code.csharp.frameworks.system.IO
102102
private import semmle.code.csharp.frameworks.system.io.Compression
103+
private import semmle.code.csharp.frameworks.system.Xml
103104
}
104105

105106
/**
@@ -356,9 +357,14 @@ private class UnboundValueOrRefType extends ValueOrRefType {
356357
}
357358
}
358359

359-
private class UnboundCallable extends Callable {
360+
/** An unbound callable. */
361+
class UnboundCallable extends Callable {
360362
UnboundCallable() { this.isUnboundDeclaration() }
361363

364+
/**
365+
* Holds if this unbound callable overrides or implements (transitively)
366+
* `that` unbound callable.
367+
*/
362368
predicate overridesOrImplementsUnbound(UnboundCallable that) {
363369
exists(Callable c |
364370
this.(OverridableCallable).overridesOrImplements(c) and

csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll

Lines changed: 0 additions & 62 deletions
Original file line numberDiff line numberDiff line change
@@ -13,7 +13,6 @@ private import semmle.code.csharp.frameworks.system.runtime.CompilerServices
1313
private import semmle.code.csharp.frameworks.system.threading.Tasks
1414
private import semmle.code.csharp.frameworks.system.Web
1515
private import semmle.code.csharp.frameworks.system.web.ui.WebControls
16-
private import semmle.code.csharp.frameworks.system.Xml
1716
private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
1817
private import semmle.code.csharp.dataflow.internal.DataFlowPublic
1918
private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
@@ -1777,67 +1776,6 @@ library class SystemTextEncodingFlow extends LibraryTypeDataFlow, SystemTextEnco
17771776
}
17781777
}
17791778

1780-
/** Data flow for `System.Xml.XmlReader`. */
1781-
class SystemXmlXmlReaderFlow extends LibraryTypeDataFlow, SystemXmlXmlReaderClass {
1782-
override predicate callableFlow(
1783-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
1784-
boolean preservesValue
1785-
) {
1786-
c = this.getCreateMethod() and
1787-
source = TCallableFlowSourceArg(0) and
1788-
sink = TCallableFlowSinkReturn() and
1789-
preservesValue = false
1790-
}
1791-
}
1792-
1793-
/** Data flow for `System.Xml.XmlDocument`. */
1794-
class SystemXmlXmlDocumentFlow extends LibraryTypeDataFlow, SystemXmlXmlDocumentClass {
1795-
override predicate callableFlow(
1796-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
1797-
boolean preservesValue
1798-
) {
1799-
c = this.getLoadMethod() and
1800-
source = TCallableFlowSourceArg(0) and
1801-
sink = TCallableFlowSinkQualifier() and
1802-
preservesValue = false
1803-
}
1804-
}
1805-
1806-
/** Data flow for `System.Xml.XmlNode`. */
1807-
class SystemXmlXmlNodeFlow extends LibraryTypeDataFlow, SystemXmlXmlNodeClass {
1808-
override predicate callableFlow(
1809-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
1810-
boolean preservesValue
1811-
) {
1812-
(
1813-
exists(Property p |
1814-
p = this.getAProperty() and
1815-
c = p.getGetter() and
1816-
source = TCallableFlowSourceQualifier() and
1817-
sink = TCallableFlowSinkReturn()
1818-
)
1819-
or
1820-
c = this.getASelectNodeMethod() and
1821-
source = TCallableFlowSourceQualifier() and
1822-
sink = TCallableFlowSinkReturn()
1823-
) and
1824-
preservesValue = false
1825-
}
1826-
}
1827-
1828-
/** Data flow for `System.Xml.XmlNamedNodeMap`. */
1829-
class SystemXmlXmlNamedNodeMapFlow extends LibraryTypeDataFlow, SystemXmlXmlNamedNodeMapClass {
1830-
override predicate callableFlow(
1831-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
1832-
boolean preservesValue
1833-
) {
1834-
c = this.getGetNamedItemMethod() and
1835-
source = TCallableFlowSourceQualifier() and
1836-
sink = TCallableFlowSinkReturn() and
1837-
preservesValue = true
1838-
}
1839-
}
1840-
18411779
/**
18421780
* Custom flow through `StringValues` library class.
18431781
*/

csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll

Lines changed: 83 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,6 +3,7 @@
33
import csharp
44
private import semmle.code.csharp.frameworks.System
55
private import semmle.code.csharp.dataflow.DataFlow3
6+
private import semmle.code.csharp.dataflow.ExternalFlow
67

78
/** The `System.Xml` namespace. */
89
class SystemXmlNamespace extends Namespace {
@@ -35,8 +36,20 @@ class SystemXmlXmlDocumentClass extends Class {
3536
/** Gets the `Load` method. */
3637
Method getLoadMethod() {
3738
result = this.getAMethod() and
38-
result.hasName("Load") and
39-
result.isStatic()
39+
result.hasName("Load")
40+
}
41+
}
42+
43+
/** Data flow for `System.Xml.XmlDocument`. */
44+
private class SystemXmlXmlDocumentFlowModelCsv extends SummaryModelCsv {
45+
override predicate row(string row) {
46+
row =
47+
[
48+
"System.Xml;XmlDocument;false;Load;(System.IO.Stream);;Argument[0];Argument[-1];taint",
49+
"System.Xml;XmlDocument;false;Load;(System.IO.TextReader);;Argument[0];Argument[-1];taint",
50+
"System.Xml;XmlDocument;false;Load;(System.String);;Argument[0];Argument[-1];taint",
51+
"System.Xml;XmlDocument;false;Load;(System.Xml.XmlReader);;Argument[0];Argument[-1];taint"
52+
]
4053
}
4154
}
4255

@@ -55,6 +68,27 @@ class SystemXmlXmlReaderClass extends Class {
5568
}
5669
}
5770

71+
/** Data flow for `System.Xml.XmlReader`. */
72+
private class SystemXmlXmlReaderFlowModelCsv extends SummaryModelCsv {
73+
override predicate row(string row) {
74+
row =
75+
[
76+
"System.Xml;XmlReader;false;Create;(System.IO.Stream);;Argument[0];ReturnValue;taint",
77+
"System.Xml;XmlReader;false;Create;(System.IO.Stream,System.Xml.XmlReaderSettings);;Argument[0];ReturnValue;taint",
78+
"System.Xml;XmlReader;false;Create;(System.IO.Stream,System.Xml.XmlReaderSettings,System.String);;Argument[0];ReturnValue;taint",
79+
"System.Xml;XmlReader;false;Create;(System.IO.Stream,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);;Argument[0];ReturnValue;taint",
80+
"System.Xml;XmlReader;false;Create;(System.IO.TextReader);;Argument[0];ReturnValue;taint",
81+
"System.Xml;XmlReader;false;Create;(System.IO.TextReader,System.Xml.XmlReaderSettings);;Argument[0];ReturnValue;taint",
82+
"System.Xml;XmlReader;false;Create;(System.IO.TextReader,System.Xml.XmlReaderSettings,System.String);;Argument[0];ReturnValue;taint",
83+
"System.Xml;XmlReader;false;Create;(System.IO.TextReader,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);;Argument[0];ReturnValue;taint",
84+
"System.Xml;XmlReader;false;Create;(System.String);;Argument[0];ReturnValue;taint",
85+
"System.Xml;XmlReader;false;Create;(System.String,System.Xml.XmlReaderSettings);;Argument[0];ReturnValue;taint",
86+
"System.Xml;XmlReader;false;Create;(System.String,System.Xml.XmlReaderSettings,System.Xml.XmlParserContext);;Argument[0];ReturnValue;taint",
87+
"System.Xml;XmlReader;false;Create;(System.Xml.XmlReader,System.Xml.XmlReaderSettings);;Argument[0];ReturnValue;taint"
88+
]
89+
}
90+
}
91+
5892
/** The `System.Xml.XmlReaderSettings` class. */
5993
class SystemXmlXmlReaderSettingsClass extends Class {
6094
SystemXmlXmlReaderSettingsClass() {
@@ -101,6 +135,42 @@ class SystemXmlXmlNodeClass extends Class {
101135
}
102136
}
103137

138+
/** Data flow for `System.Xml.XmlNode`. */
139+
private class SystemXmlXmlNodeFlowModelCsv extends SummaryModelCsv {
140+
override predicate row(string row) {
141+
row =
142+
[
143+
"System.Xml;XmlNode;false;GetEnumerator;();;Element of Argument[-1];Property[System.Collections.IEnumerator.Current] of ReturnValue;value",
144+
"System.Xml;XmlNode;false;SelectNodes;(System.String);;Argument[-1];ReturnValue;taint",
145+
"System.Xml;XmlNode;false;SelectNodes;(System.String,System.Xml.XmlNamespaceManager);;Argument[-1];ReturnValue;taint",
146+
"System.Xml;XmlNode;false;SelectSingleNode;(System.String);;Argument[-1];ReturnValue;taint",
147+
"System.Xml;XmlNode;false;SelectSingleNode;(System.String,System.Xml.XmlNamespaceManager);;Argument[-1];ReturnValue;taint",
148+
"System.Xml;XmlNode;true;get_Attributes;();;Argument[-1];ReturnValue;taint",
149+
"System.Xml;XmlNode;true;get_BaseURI;();;Argument[-1];ReturnValue;taint",
150+
"System.Xml;XmlNode;true;get_ChildNodes;();;Argument[-1];ReturnValue;taint",
151+
"System.Xml;XmlNode;true;get_FirstChild;();;Argument[-1];ReturnValue;taint",
152+
"System.Xml;XmlNode;true;get_HasChildNodes;();;Argument[-1];ReturnValue;taint",
153+
"System.Xml;XmlNode;true;get_InnerText;();;Argument[-1];ReturnValue;taint",
154+
"System.Xml;XmlNode;true;get_InnerXml;();;Argument[-1];ReturnValue;taint",
155+
"System.Xml;XmlNode;true;get_IsReadOnly;();;Argument[-1];ReturnValue;taint",
156+
"System.Xml;XmlNode;true;get_LastChild;();;Argument[-1];ReturnValue;taint",
157+
"System.Xml;XmlNode;true;get_LocalName;();;Argument[-1];ReturnValue;taint",
158+
"System.Xml;XmlNode;true;get_Name;();;Argument[-1];ReturnValue;taint",
159+
"System.Xml;XmlNode;true;get_NamespaceURI;();;Argument[-1];ReturnValue;taint",
160+
"System.Xml;XmlNode;true;get_NextSibling;();;Argument[-1];ReturnValue;taint",
161+
"System.Xml;XmlNode;true;get_NodeType;();;Argument[-1];ReturnValue;taint",
162+
"System.Xml;XmlNode;true;get_OuterXml;();;Argument[-1];ReturnValue;taint",
163+
"System.Xml;XmlNode;true;get_OwnerDocument;();;Argument[-1];ReturnValue;taint",
164+
"System.Xml;XmlNode;true;get_ParentNode;();;Argument[-1];ReturnValue;taint",
165+
"System.Xml;XmlNode;true;get_Prefix;();;Argument[-1];ReturnValue;taint",
166+
"System.Xml;XmlNode;true;get_PreviousSibling;();;Argument[-1];ReturnValue;taint",
167+
"System.Xml;XmlNode;true;get_PreviousText;();;Argument[-1];ReturnValue;taint",
168+
"System.Xml;XmlNode;true;get_SchemaInfo;();;Argument[-1];ReturnValue;taint",
169+
"System.Xml;XmlNode;true;get_Value;();;Argument[-1];ReturnValue;taint"
170+
]
171+
}
172+
}
173+
104174
/** The `System.Xml.XmlNamedNodeMap` class. */
105175
class SystemXmlXmlNamedNodeMapClass extends Class {
106176
SystemXmlXmlNamedNodeMapClass() {
@@ -115,6 +185,17 @@ class SystemXmlXmlNamedNodeMapClass extends Class {
115185
}
116186
}
117187

188+
/** Data flow for `System.Xml.XmlNamedNodeMap`. */
189+
private class SystemXmlXmlNamedNodeMapClassFlowModelCsv extends SummaryModelCsv {
190+
override predicate row(string row) {
191+
row =
192+
[
193+
"System.Xml;XmlNamedNodeMap;false;GetNamedItem;(System.String);;Argument[-1];ReturnValue;value",
194+
"System.Xml;XmlNamedNodeMap;false;GetNamedItem;(System.String,System.String);;Argument[-1];ReturnValue;value"
195+
]
196+
}
197+
}
198+
118199
/** An enum constant in `System.Xml.ValidationType`. */
119200
class SystemXmlValidationType extends EnumConstant {
120201
SystemXmlValidationType() {

0 commit comments

Comments
 (0)