C#: Convert System.Console.Read* local flow source to CSV

tamasvajk · tamasvajk · commit 45568d5b1059 · 2021-06-28T11:20:32.000+02:00
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -84,7 +84,7 @@ private import internal.FlowSummaryImplSpecific
  * ensuring that they are visible to the taint tracking / data flow library.
  */
 private module Frameworks {
-  // TODO
+  private import semmle.code.csharp.security.dataflow.flowsources.Local
 }
 
 /**
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/flowsources/Local.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/flowsources/Local.qll
@@ -4,13 +4,20 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.windows.Forms
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** A data flow source of local data. */
 abstract class LocalFlowSource extends DataFlow::Node {
   /** Gets a string that describes the type of this local flow source. */
   abstract string getSourceType();
 }
 
+private class ExternalLocalFlowSource extends LocalFlowSource {
+  ExternalLocalFlowSource() { sourceNode(this, "local") }
+
+  override string getSourceType() { result = "external" }
+}
+
 /** A data flow source of local user input. */
 abstract class LocalUserInputSource extends LocalFlowSource { }
 
@@ -22,13 +29,13 @@ class TextFieldSource extends LocalUserInputSource {
 }
 
 /** A call to any `System.Console.Read*` method. */
-class SystemConsoleReadSource extends LocalUserInputSource {
-  SystemConsoleReadSource() {
-    this.asExpr() =
-      any(MethodCall call |
-        call.getTarget().hasQualifiedName("System.Console", ["ReadLine", "Read", "ReadKey"])
-      )
+private class SystemConsoleReadSourceModelCsv extends SourceModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System;Console;false;ReadLine;;;ReturnValue;local",
+        "System;Console;false;Read;;;ReturnValue;local",
+        "System;Console;false;ReadKey;;;ReturnValue;local"
+      ]
   }
-
-  override string getSourceType() { result = "System.Console input" }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,7 +84,7 @@ private import internal.FlowSummaryImplSpecific`
`84`	`84`	`* ensuring that they are visible to the taint tracking / data flow library.`
`85`	`85`	`*/`
`86`	`86`	`private module Frameworks {`
`87`		`- // TODO`
	`87`	`+ private import semmle.code.csharp.security.dataflow.flowsources.Local`
`88`	`88`	`}`
`89`	`89`
`90`	`90`	`/**`