Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 1979a78

Browse files
michaelnebelmichaelnebel
committed
C#: Re-factor RequestForgery to use the new API.
1 parent b7e36b7 commit 1979a78

2 files changed

Lines changed: 40 additions & 4 deletions

File tree

csharp/ql/src/experimental/CWE-918/RequestForgery.ql

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,9 @@
1212

1313
import csharp
1414
import RequestForgery::RequestForgery
15-
import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
15+
import RequestForgeryFlow::PathGraph
1616

17-
from RequestForgeryConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
18-
where c.hasFlowPath(source, sink)
17+
from RequestForgeryFlow::PathNode source, RequestForgeryFlow::PathNode sink
18+
where RequestForgeryFlow::flowPath(source, sink)
1919
select sink.getNode(), source, sink, "The URL of this request depends on a $@.", source.getNode(),
2020
"user-provided value"

csharp/ql/src/experimental/CWE-918/RequestForgery.qll

Lines changed: 37 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,11 @@ module RequestForgery {
2424
abstract private class Barrier extends DataFlow::Node { }
2525

2626
/**
27+
* DEPRECATED: Use `RequestForgeryFlow` instead.
28+
*
2729
* A data flow configuration for detecting server side request forgery vulnerabilities.
2830
*/
29-
class RequestForgeryConfiguration extends DataFlow::Configuration {
31+
deprecated class RequestForgeryConfiguration extends DataFlow::Configuration {
3032
RequestForgeryConfiguration() { this = "Server Side Request forgery" }
3133

3234
override predicate isSource(DataFlow::Node source) { source instanceof Source }
@@ -54,6 +56,40 @@ module RequestForgery {
5456
override predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
5557
}
5658

59+
/**
60+
* A data flow configuration for detecting server side request forgery vulnerabilities.
61+
*/
62+
private module RequestForgeryFlowConfig implements DataFlow::ConfigSig {
63+
predicate isSource(DataFlow::Node source) { source instanceof Source }
64+
65+
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
66+
67+
predicate isAdditionalFlowStep(DataFlow::Node prev, DataFlow::Node succ) {
68+
interpolatedStringFlowStep(prev, succ)
69+
or
70+
stringReplaceStep(prev, succ)
71+
or
72+
uriCreationStep(prev, succ)
73+
or
74+
formatConvertStep(prev, succ)
75+
or
76+
toStringStep(prev, succ)
77+
or
78+
stringConcatStep(prev, succ)
79+
or
80+
stringFormatStep(prev, succ)
81+
or
82+
pathCombineStep(prev, succ)
83+
}
84+
85+
predicate isBarrier(DataFlow::Node node) { node instanceof Barrier }
86+
}
87+
88+
/**
89+
* A data flow module for detecting server side request forgery vulnerabilities.
90+
*/
91+
module RequestForgeryFlow = DataFlow::Global<RequestForgeryFlowConfig>;
92+
5793
/**
5894
* A remote data flow source taken as a source
5995
* for Server Side Request Forgery(SSRF) Vulnerabilities.

0 commit comments

Comments
 (0)