Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit ad27a5a

Browse files
michaelnebelmichaelnebel
committed
C#/Java: Add some more QL Doc to the CaptureModels[Specific] implementation.
1 parent 62dcbff commit ad27a5a

4 files changed

Lines changed: 42 additions & 2 deletions

File tree

csharp/ql/src/utils/model-generator/internal/CaptureModels.qll

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,13 @@ string captureThroughFlow(TargetApi api) {
9898
)
9999
}
100100

101+
/**
102+
* A TaintTracking Configuration used for tracking flow through APIs.
103+
* The sources are the already known existing sources and the sinks are the API return nodes.
104+
*
105+
* This can be used to generate Source summaries for an API, if the API expose an already known source
106+
* via its return (then the API itself becomes a source).
107+
*/
101108
private class FromSourceConfiguration extends TaintTracking::Configuration {
102109
FromSourceConfiguration() { this = "FromSourceConfiguration" }
103110

@@ -131,6 +138,13 @@ string captureSource(TargetApi api) {
131138
)
132139
}
133140

141+
/**
142+
* A TaintTracking Configuration used for tracking flow through APIs.
143+
* The sources are the parameters of the API and the fields of the enclosing type.
144+
*
145+
* This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field)
146+
* into an existing known sink (then the API itself becomes a sink).
147+
*/
134148
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
135149
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
136150

csharp/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,9 @@ predicate isOwnInstanceAccessNode(ReturnNode node) { node.asExpr() instanceof Th
2424
*/
2525
string qualifierString() { result = "Argument[Qualifier]" }
2626

27+
/**
28+
* Language specific parts of the `PropagateToSinkConfiguration`.
29+
*/
2730
class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration {
2831
PropagateToSinkConfigurationSpecific() { this = "parameters or fields flowing into sinks" }
2932

@@ -34,12 +37,15 @@ class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration
3437
}
3538
}
3639

40+
/**
41+
* Gets the CSV input string representation of `source`.
42+
*/
3743
string asInputArgument(DataFlow::Node source) {
3844
exists(int pos |
3945
pos = source.(DataFlow::ParameterNode).getParameter().getPosition() and
4046
result = "Argument[" + pos + "]"
4147
)
4248
or
4349
source.asExpr() instanceof FieldAccess and
44-
result = "Argument[Qualifier]"
50+
result = qualifierString()
4551
}

java/ql/src/utils/model-generator/internal/CaptureModels.qll

Lines changed: 14 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,13 @@ string captureThroughFlow(TargetApi api) {
9898
)
9999
}
100100

101+
/**
102+
* A TaintTracking Configuration used for tracking flow through APIs.
103+
* The sources are the already known existing sources and the sinks are the API return nodes.
104+
*
105+
* This can be used to generate Source summaries for an API, if the API expose an already known source
106+
* via its return (then the API itself becomes a source).
107+
*/
101108
private class FromSourceConfiguration extends TaintTracking::Configuration {
102109
FromSourceConfiguration() { this = "FromSourceConfiguration" }
103110

@@ -131,6 +138,13 @@ string captureSource(TargetApi api) {
131138
)
132139
}
133140

141+
/**
142+
* A TaintTracking Configuration used for tracking flow through APIs.
143+
* The sources are the parameters of the API and the fields of the enclosing type.
144+
*
145+
* This can be used to generate Sink summaries for APIs, if the API propgates a parameter (or enclosing type field)
146+
* into an existing known sink (then the API itself becomes a sink).
147+
*/
134148
private class PropagateToSinkConfiguration extends PropagateToSinkConfigurationSpecific {
135149
PropagateToSinkConfiguration() { this = "parameters or fields flowing into sinks" }
136150

java/ql/src/utils/model-generator/internal/CaptureModelsSpecific.qll

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,9 @@ predicate isOwnInstanceAccessNode(ReturnNode node) {
3030
*/
3131
string qualifierString() { result = "Argument[-1]" }
3232

33+
/**
34+
* Language specific parts of the `PropagateToSinkConfiguration`.
35+
*/
3336
class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration {
3437
PropagateToSinkConfigurationSpecific() { this = "parameters or fields flowing into sinks" }
3538

@@ -45,12 +48,15 @@ class PropagateToSinkConfigurationSpecific extends TaintTracking::Configuration
4548
}
4649
}
4750

51+
/**
52+
* Gets the CSV input string representation of `source`.
53+
*/
4854
string asInputArgument(DataFlow::Node source) {
4955
exists(int pos |
5056
source.(DataFlow::ParameterNode).isParameterOf(_, pos) and
5157
result = "Argument[" + pos + "]"
5258
)
5359
or
5460
source.asExpr() instanceof FieldAccess and
55-
result = "Argument[-1]"
61+
result = qualifierString()
5662
}

0 commit comments

Comments
 (0)