Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit b7a43dc

Browse files
tamasvajktamasvajk
committed
C#: Migrate System.Int32 flow summaries to CSV
1 parent a9ccd65 commit b7a43dc

3 files changed

Lines changed: 18 additions & 23 deletions

File tree

csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -86,6 +86,7 @@ private import internal.FlowSummaryImplSpecific
8686
private module Frameworks {
8787
private import semmle.code.csharp.security.dataflow.flowsources.Local
8888
private import semmle.code.csharp.security.dataflow.flowsinks.Html
89+
private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
8990
}
9091

9192
/**

csharp/ql/src/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll

Lines changed: 12 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -23,6 +23,7 @@ private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
2323
private import semmle.code.csharp.frameworks.EntityFramework
2424
private import semmle.code.csharp.frameworks.JsonNET
2525
private import FlowSummary
26+
private import semmle.code.csharp.dataflow.ExternalFlow
2627

2728
private newtype TAccessPath =
2829
TNilAccessPath() or
@@ -500,29 +501,17 @@ private module FrameworkDataFlowAdaptor {
500501
}
501502

502503
/** Data flow for `System.Int32`. */
503-
class SystemInt32Flow extends LibraryTypeDataFlow, SystemInt32Struct {
504-
override predicate callableFlow(
505-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
506-
boolean preservesValue
507-
) {
508-
methodFlow(source, sink, c) and
509-
preservesValue = false
510-
}
511-
512-
private predicate methodFlow(
513-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationMethod m
514-
) {
515-
m = getParseMethod() and
516-
source = TCallableFlowSourceArg(0) and
517-
sink = TCallableFlowSinkReturn()
518-
or
519-
m = getTryParseMethod() and
520-
source = TCallableFlowSourceArg(0) and
521-
(
522-
sink = TCallableFlowSinkReturn()
523-
or
524-
sink = TCallableFlowSinkArg(any(int i | m.getParameter(i).isOutOrRef()))
525-
)
504+
private class SystemInt32FlowModelCsv extends SummaryModelCsv {
505+
override predicate row(string row) {
506+
row =
507+
[
508+
"System;Int32;false;Parse;;;Argument[0];ReturnValue;taint",
509+
"System;Int32;false;TryParse;;;Argument[0];ReturnValue;taint",
510+
"System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];Argument[1];taint",
511+
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Argument[0];Argument[1];taint",
512+
"System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];Argument[3];taint",
513+
"System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];Argument[3];taint"
514+
]
526515
}
527516
}
528517

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1217,10 +1217,15 @@
12171217
| System.IO.UnmanagedMemoryStreamWrapper.ToArray() | argument -1 -> return (normal) | false |
12181218
| System.IO.UnmanagedMemoryStreamWrapper.Write(Byte[], int, int) | argument 0 -> argument -1 | false |
12191219
| System.IO.UnmanagedMemoryStreamWrapper.WriteAsync(Byte[], int, int, CancellationToken) | argument 0 -> argument -1 | false |
1220+
| System.Int32.Parse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider) | argument 0 -> return (normal) | false |
12201221
| System.Int32.Parse(string) | argument 0 -> return (normal) | false |
12211222
| System.Int32.Parse(string, IFormatProvider) | argument 0 -> return (normal) | false |
12221223
| System.Int32.Parse(string, NumberStyles) | argument 0 -> return (normal) | false |
12231224
| System.Int32.Parse(string, NumberStyles, IFormatProvider) | argument 0 -> return (normal) | false |
1225+
| System.Int32.TryParse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider, out int) | argument 0 -> argument 3 | false |
1226+
| System.Int32.TryParse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider, out int) | argument 0 -> return (normal) | false |
1227+
| System.Int32.TryParse(ReadOnlySpan<Char>, out int) | argument 0 -> argument 1 | false |
1228+
| System.Int32.TryParse(ReadOnlySpan<Char>, out int) | argument 0 -> return (normal) | false |
12241229
| System.Int32.TryParse(string, NumberStyles, IFormatProvider, out int) | argument 0 -> argument 3 | false |
12251230
| System.Int32.TryParse(string, NumberStyles, IFormatProvider, out int) | argument 0 -> return (normal) | false |
12261231
| System.Int32.TryParse(string, out int) | argument 0 -> argument 1 | false |

0 commit comments

Comments
 (0)