|
3 | 3 | */ |
4 | 4 |
|
5 | 5 | import csharp |
6 | | -private import semmle.code.csharp.dataflow.LibraryTypeDataFlow |
7 | 6 | private import semmle.code.csharp.dataflow.ExternalFlow |
8 | 7 |
|
9 | 8 | /** Definitions relating to the `Json.NET` package. */ |
@@ -224,46 +223,39 @@ module JsonNET { |
224 | 223 | LinqClass() { this.getDeclaringNamespace() instanceof LinqNamespace } |
225 | 224 | } |
226 | 225 |
|
| 226 | + /** Data flow for `Newtonsoft.Json.Linq.JToken`. */ |
| 227 | + private class JTokenClassFlowModelCsv extends SummaryModelCsv { |
| 228 | + override predicate row(string row) { |
| 229 | + row = |
| 230 | + [ |
| 231 | + "Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String);;Argument[-1];ReturnValue;taint", |
| 232 | + "Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String,Newtonsoft.Json.Linq.JsonSelectSettings);;Argument[-1];ReturnValue;taint", |
| 233 | + "Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String,System.Boolean);;Argument[-1];ReturnValue;taint", |
| 234 | + "Newtonsoft.Json.Linq;JToken;false;ToString;();;Argument[-1];ReturnValue;taint", |
| 235 | + "Newtonsoft.Json.Linq;JToken;false;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);;Argument[-1];ReturnValue;taint", |
| 236 | + ] |
| 237 | + } |
| 238 | + } |
| 239 | + |
227 | 240 | /** The `NewtonSoft.Json.Linq.JObject` class. */ |
228 | | - class JObjectClass extends LinqClass, LibraryTypeDataFlow { |
| 241 | + class JObjectClass extends LinqClass { |
229 | 242 | JObjectClass() { this.hasName("JObject") } |
230 | 243 |
|
231 | | - override predicate callableFlow( |
232 | | - CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c, |
233 | | - boolean preservesValue |
234 | | - ) { |
235 | | - // ToString method |
236 | | - c = this.getBaseClass().getBaseClass().getAMethod("ToString") and |
237 | | - source instanceof CallableFlowSourceQualifier and |
238 | | - sink instanceof CallableFlowSinkReturn and |
239 | | - preservesValue = false |
240 | | - or |
241 | | - // Parse method |
242 | | - c = this.getParseMethod() and |
243 | | - source = any(CallableFlowSourceArg arg | arg.getArgumentIndex() = 0) and |
244 | | - sink instanceof CallableFlowSinkReturn and |
245 | | - preservesValue = false |
246 | | - or |
247 | | - // operator string |
248 | | - c = |
249 | | - any(Operator op | |
250 | | - op.getDeclaringType() = this.getABaseType*() and op.getReturnType() instanceof StringType |
251 | | - ) and |
252 | | - source.(CallableFlowSourceArg).getArgumentIndex() = 0 and |
253 | | - sink instanceof CallableFlowSinkReturn and |
254 | | - preservesValue = false |
255 | | - or |
256 | | - // SelectToken method |
257 | | - c = this.getSelectTokenMethod() and |
258 | | - source instanceof CallableFlowSourceQualifier and |
259 | | - sink instanceof CallableFlowSinkReturn and |
260 | | - preservesValue = false |
261 | | - } |
262 | | - |
263 | 244 | /** Gets the `Parse` method. */ |
264 | 245 | Method getParseMethod() { result = this.getAMethod("Parse") } |
265 | 246 |
|
266 | 247 | /** Gets the `SelectToken` method. */ |
267 | 248 | Method getSelectTokenMethod() { result = this.getABaseType*().getAMethod("SelectToken") } |
268 | 249 | } |
| 250 | + |
| 251 | + /** Data flow for `NewtonSoft.Json.Linq.JObject`. */ |
| 252 | + private class JObjectClassFlowModelCsv extends SummaryModelCsv { |
| 253 | + override predicate row(string row) { |
| 254 | + row = |
| 255 | + [ |
| 256 | + "Newtonsoft.Json.Linq;JObject;false;Parse;(System.String);;Argument[0];ReturnValue;taint", |
| 257 | + "Newtonsoft.Json.Linq;JObject;false;Parse;(System.String,Newtonsoft.Json.Linq.JsonLoadSettings);;Argument[0];ReturnValue;taint" |
| 258 | + ] |
| 259 | + } |
| 260 | + } |
269 | 261 | } |
0 commit comments