C#: Autoformat.

geoffw0 · geoffw0 · commit 49e7addaa48c · 2019-10-22T09:56:42.000+01:00
diff --git a/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql b/csharp/ql/src/Security Features/CWE-020/RuntimeChecksBypass.ql
@@ -8,23 +8,25 @@
  * @tags security
  *       external/cwe/cwe-20
  */
+
 import semmle.code.csharp.security.serialization.Serialization
 
-/** The result is a write to the field `f`, assigning it the value
+/**
+ * The result is a write to the field `f`, assigning it the value
  * of variable `v` which was checked by the condition `check`.
  */
 Expr checkedWrite(Field f, Variable v, IfStmt check) {
-    result = v.getAnAccess() and
-    result = f.getAnAssignedValue() and
-    check.getCondition() = v.getAnAccess().getParent*() and
-    result.getAControlFlowNode() = check.getAControlFlowNode().getASuccessor*()
+  result = v.getAnAccess() and
+  result = f.getAnAssignedValue() and
+  check.getCondition() = v.getAnAccess().getParent*() and
+  result.getAControlFlowNode() = check.getAControlFlowNode().getASuccessor*()
 }
+
 from BinarySerializableType t, Field f, IfStmt check, Expr write, Expr unsafeWrite
-where f = t.getASerializedField()
-  and write = checkedWrite(f, t.getAConstructor().getAParameter(), check)
-  and unsafeWrite = f.getAnAssignedValue()
-  and t.getADeserializationCallback() = unsafeWrite.getEnclosingCallable()
-  and not t.getADeserializationCallback().calls*(checkedWrite(f, _, _).getEnclosingCallable())
-select unsafeWrite, "This write to $@ may be circumventing a $@.",
-    f, f.toString(),
-    check, "check"
+where
+  f = t.getASerializedField() and
+  write = checkedWrite(f, t.getAConstructor().getAParameter(), check) and
+  unsafeWrite = f.getAnAssignedValue() and
+  t.getADeserializationCallback() = unsafeWrite.getEnclosingCallable() and
+  not t.getADeserializationCallback().calls*(checkedWrite(f, _, _).getEnclosingCallable())
+select unsafeWrite, "This write to $@ may be circumventing a $@.", f, f.toString(), check, "check"
diff --git a/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql b/csharp/ql/src/Security Features/CWE-091/XMLInjection.ql
@@ -9,6 +9,7 @@
  * @tags security
  *       external/cwe/cwe-091
  */
+
 import csharp
 import semmle.code.csharp.dataflow.flowsources.Remote
 import semmle.code.csharp.frameworks.system.Xml
@@ -17,34 +18,33 @@ import semmle.code.csharp.frameworks.system.Xml
  * A taint-tracking configuration for untrusted user input used in XML.
  */
 class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() {
-    this = "XMLInjection"
-  }
+  TaintTrackingConfiguration() { this = "XMLInjection" }
 
-  override
-  predicate isSource(DataFlow::Node source) {
-    source instanceof RemoteFlowSource
-  }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override
-  predicate isSink(DataFlow::Node sink) {
+  override predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       mc.getTarget().hasName("WriteRaw") and
-      mc.getTarget().getDeclaringType().getABaseType*().hasQualifiedName("System.Xml.XmlWriter") |
+      mc.getTarget().getDeclaringType().getABaseType*().hasQualifiedName("System.Xml.XmlWriter")
+    |
       mc.getArgument(0) = sink.asExpr()
     )
   }
 
-  override
-  predicate isSanitizer(DataFlow::Node node) {
+  override predicate isSanitizer(DataFlow::Node node) {
     exists(MethodCall mc |
       mc.getTarget().hasName("Escape") and
-      mc.getTarget().getDeclaringType().getABaseType*().hasQualifiedName("System.Security.SecurityElement") |
+      mc
+          .getTarget()
+          .getDeclaringType()
+          .getABaseType*()
+          .hasQualifiedName("System.Security.SecurityElement")
+    |
       mc = node.asExpr()
     )
   }
 }
 
 from TaintTrackingConfiguration c, DataFlow::Node source, DataFlow::Node sink
 where c.hasFlow(source, sink)
-select sink, "$@ flows to here and is inserted as XML.", source, "User-provided value"
+select sink, "$@ flows to here and is inserted as XML.", source, "User-provided value"
diff --git a/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql b/csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.ql
@@ -10,6 +10,7 @@
  * @tags security
  *       external/cwe/cwe-114
  */
+
 import csharp
 import semmle.code.csharp.dataflow.flowsources.Remote
 
@@ -18,41 +19,45 @@ class MainMethod extends Method {
     this.hasName("Main") and
     this.isStatic() and
     (this.getReturnType() instanceof VoidType or this.getReturnType() instanceof IntType) and
-    if this.getNumberOfParameters() = 1 then
-      this.getParameter(0).getType().(ArrayType).getElementType() instanceof StringType
-    else
-      this.getNumberOfParameters() = 0
+    if this.getNumberOfParameters() = 1
+    then this.getParameter(0).getType().(ArrayType).getElementType() instanceof StringType
+    else this.getNumberOfParameters() = 0
   }
 }
 
 /**
  * A taint-tracking configuration for untrusted user input used to load a DLL.
  */
 class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  TaintTrackingConfiguration() {
-    this = "DLLInjection"
-  }
+  TaintTrackingConfiguration() { this = "DLLInjection" }
 
-  override
-  predicate isSource(DataFlow::Node source) {
+  override predicate isSource(DataFlow::Node source) {
     source instanceof RemoteFlowSource or
     source.asExpr() = any(MainMethod main).getParameter(0).getAnAccess()
   }
 
-  override
-  predicate isSink(DataFlow::Node sink) {
+  override predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc, string name, int arg |
       mc.getTarget().getName().matches(name) and
-      mc.getTarget().getDeclaringType().getABaseType*().hasQualifiedName("System.Reflection.Assembly") and
-      mc.getArgument(arg) = sink.asExpr() |
-      name = "LoadFrom" and arg = 0 and mc.getNumberOfArguments() = [1..2] or
-      name = "LoadFile" and arg = 0 or
-      name = "LoadWithPartialName" and arg = 0 or
+      mc
+          .getTarget()
+          .getDeclaringType()
+          .getABaseType*()
+          .hasQualifiedName("System.Reflection.Assembly") and
+      mc.getArgument(arg) = sink.asExpr()
+    |
+      name = "LoadFrom" and arg = 0 and mc.getNumberOfArguments() = [1 .. 2]
+      or
+      name = "LoadFile" and arg = 0
+      or
+      name = "LoadWithPartialName" and arg = 0
+      or
       name = "UnsafeLoadFrom" and arg = 0
     )
   }
 }
 
 from TaintTrackingConfiguration c, DataFlow::Node source, DataFlow::Node sink
 where c.hasFlow(source, sink)
-select sink, "$@ flows to here and is used as the path to dynamically load an assembly.", source, "User-provided value"
+select sink, "$@ flows to here and is used as the path to dynamically load an assembly.", source,
+  "User-provided value"
diff --git a/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql b/csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql
@@ -15,23 +15,22 @@ import semmle.code.csharp.security.cryptography.EncryptionKeyDataFlow::Encryptio
  * The creation of a literal byte array.
  */
 class ByteArrayLiteralSource extends KeySource {
- ByteArrayLiteralSource() {
+  ByteArrayLiteralSource() {
     this.asExpr() = any(ArrayCreation ac |
-      ac.getArrayType().getElementType() instanceof ByteType and
-      ac.hasInitializer())
+        ac.getArrayType().getElementType() instanceof ByteType and
+        ac.hasInitializer()
+      )
   }
 }
 
 /**
  * Any string literal as a source
  */
 class StringLiteralSource extends KeySource {
-  StringLiteralSource() {
-    this.asExpr() instanceof StringLiteral
-  }
+  StringLiteralSource() { this.asExpr() instanceof StringLiteral }
 }
 
 from SymmetricKeyTaintTrackingConfiguration keyFlow, KeySource src, SymmetricEncryptionKeySink sink
 where keyFlow.hasFlow(src, sink)
-select sink, "Hard-coded symmetric $@ is used in symmetric algorithm in " + sink.getDescription(), src, "key"
-
+select sink, "Hard-coded symmetric $@ is used in symmetric algorithm in " + sink.getDescription(),
+  src, "key"
diff --git a/csharp/ql/src/semmle/code/csharp/serialization/Serialization.qll b/csharp/ql/src/semmle/code/csharp/serialization/Serialization.qll
@@ -18,13 +18,13 @@ abstract class SerializableType extends ValueOrRefType {
    * deserialization mechanism.
    */
   abstract Callable getADeserializationCallback();
-  
+
   /**
    * A field whose value is restored during a deserialization, rendering it
    * potentially untrusted.
    */
   abstract Field getASerializedField();
-  
+
   /**
    * Get a callback that is automatically executed (without user code
    * interaction) when an object instance is deserialized. This includes
@@ -33,12 +33,15 @@ abstract class SerializableType extends ValueOrRefType {
   Callable getAnAutomaticCallback() {
     result = this.getADeserializationCallback() or
     result.(Destructor).getDeclaringType() = this or
-    result = any(Method m | m.getDeclaringType() = this and
-      m.hasName("Dispose") and (
-        m.getNumberOfParameters() = 0 or
-        m.getNumberOfParameters() = 1 and m.getParameter(0).getType() instanceof BoolType
+    result = any(Method m |
+        m.getDeclaringType() = this and
+        m.hasName("Dispose") and
+        (
+          m.getNumberOfParameters() = 0
+          or
+          m.getNumberOfParameters() = 1 and m.getParameter(0).getType() instanceof BoolType
+        )
       )
-    )
   }
 }
 
@@ -47,24 +50,24 @@ abstract class SerializableType extends ValueOrRefType {
  * attribute.
  */
 class BinarySerializableType extends SerializableType {
-  BinarySerializableType() {
-    this.getAnAttribute().getType().hasName("SerializableAttribute")
-  }
-  
+  BinarySerializableType() { this.getAnAttribute().getType().hasName("SerializableAttribute") }
+
   /**
    * In addition to the defaults, a `BinarySerializer` will call any method annotated
    * with an `OnDeserialized` or `OnDeserializing` attribute, as well as an
    * `OnDeserialization` method.
    */
   override Callable getADeserializationCallback() {
-    result.(SerializationConstructor).getDeclaringType() = this or
-    result = this.getAMethod() and (
+    result.(SerializationConstructor).getDeclaringType() = this
+    or
+    result = this.getAMethod() and
+    (
       result.(Attributable).getAnAttribute().getType().hasName("OnDeserializedAttribute") or
       result.(Attributable).getAnAttribute().getType().hasName("OnDeserializingAttribute") or
       result.hasName("OnDeserialization")
     )
   }
-  
+
   override Field getASerializedField() {
     result.getDeclaringType() = this and
     not result.getAnAttribute().getType().hasName("NonSerializedAttribute") and
@@ -77,10 +80,8 @@ class BinarySerializableType extends SerializableType {
  * then it is serialized and deserialized in a special way.
  */
 class CustomBinarySerializableType extends BinarySerializableType {
-  CustomBinarySerializableType() {
-    this.getABaseType*().hasName("ISerializable")
-  }
-  
+  CustomBinarySerializableType() { this.getABaseType*().hasName("ISerializable") }
+
   /**
    * For custom deserialization, the `BinarySerializer` will call the serialization constructor.
    */
@@ -101,4 +102,4 @@ class DangerousCallable extends Callable {
     //assembly
     this.(Method).getQualifiedName().matches("System.Reflection.Assembly.%Load%")
   }
-}
+}
