Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit e3a5f7b

Browse files
michaelnebelmichaelnebel
committed
C#: Introduce provenance column in CSV format for Models as data summaries, sources and sinks.
1 parent fc7e0ec commit e3a5f7b

2 files changed

Lines changed: 26 additions & 20 deletions

File tree

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

Lines changed: 22 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -163,11 +163,11 @@ private predicate sinkModel(string row) { any(SinkModelCsv s).row(row) }
163163

164164
private predicate summaryModel(string row) { any(SummaryModelCsv s).row(row) }
165165

166-
bindingset[input]
167-
private predicate getKind(string input, string kind, boolean generated) {
168-
input.splitAt(":", 0) = "generated" and kind = input.splitAt(":", 1) and generated = true
166+
bindingset[provenance]
167+
private boolean isGenerated(string provenance) {
168+
provenance = "generated" and result = true
169169
or
170-
not input.matches("%:%") and kind = input and generated = false
170+
provenance != "generated" and result = false
171171
}
172172

173173
/** Holds if a source model exists for the given parameters. */
@@ -185,7 +185,10 @@ predicate sourceModel(
185185
row.splitAt(";", 4) = signature and
186186
row.splitAt(";", 5) = ext and
187187
row.splitAt(";", 6) = output and
188-
exists(string k | row.splitAt(";", 7) = k and getKind(k, kind, generated))
188+
row.splitAt(";", 7) = kind and
189+
exists(string provenance |
190+
row.splitAt(";", 8) = provenance and generated = isGenerated(provenance)
191+
)
189192
)
190193
}
191194

@@ -204,7 +207,10 @@ predicate sinkModel(
204207
row.splitAt(";", 4) = signature and
205208
row.splitAt(";", 5) = ext and
206209
row.splitAt(";", 6) = input and
207-
exists(string k | row.splitAt(";", 7) = k and getKind(k, kind, generated))
210+
row.splitAt(";", 7) = kind and
211+
exists(string provenance |
212+
row.splitAt(";", 8) = provenance and generated = isGenerated(provenance)
213+
)
208214
)
209215
}
210216

@@ -224,7 +230,10 @@ predicate summaryModel(
224230
row.splitAt(";", 5) = ext and
225231
row.splitAt(";", 6) = input and
226232
row.splitAt(";", 7) = output and
227-
exists(string k | row.splitAt(";", 8) = k and getKind(k, kind, generated))
233+
row.splitAt(";", 8) = kind and
234+
exists(string provenance |
235+
row.splitAt(";", 9) = provenance and generated = isGenerated(provenance)
236+
)
228237
)
229238
}
230239

@@ -359,23 +368,20 @@ module CsvValidation {
359368
)
360369
)
361370
or
362-
exists(string row, string k, string kind | summaryModel(row) |
363-
k = row.splitAt(";", 8) and
364-
getKind(k, kind, _) and
371+
exists(string row, string kind | summaryModel(row) |
372+
kind = row.splitAt(";", 8) and
365373
not kind = ["taint", "value"] and
366374
msg = "Invalid kind \"" + kind + "\" in summary model."
367375
)
368376
or
369-
exists(string row, string k, string kind | sinkModel(row) |
370-
k = row.splitAt(";", 7) and
371-
getKind(k, kind, _) and
377+
exists(string row, string kind | sinkModel(row) |
378+
kind = row.splitAt(";", 7) and
372379
not kind = ["code", "sql", "xss", "remote", "html"] and
373380
msg = "Invalid kind \"" + kind + "\" in sink model."
374381
)
375382
or
376-
exists(string row, string k, string kind | sourceModel(row) |
377-
k = row.splitAt(";", 7) and
378-
getKind(k, kind, _) and
383+
exists(string row, string kind | sourceModel(row) |
384+
kind = row.splitAt(";", 7) and
379385
not kind = "local" and
380386
msg = "Invalid kind \"" + kind + "\" in source model."
381387
)

csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,10 +31,10 @@ class SummaryModelTest extends SummaryModelCsv {
3131
"My.Qltest;D;false;Parse;(System.String,System.Int32);;Argument[0];Argument[1];taint",
3232
"My.Qltest;E;true;get_MyProp;();;Argument[Qualifier].Field[My.Qltest.E.MyField];ReturnValue;value",
3333
"My.Qltest;E;true;set_MyProp;(System.Object);;Argument[0];Argument[Qualifier].Field[My.Qltest.E.MyField];value",
34-
"My.Qltest;G;false;GeneratedFlow;(System.Object);;Argument[0];ReturnValue;generated:value",
35-
"My.Qltest;G;false;GeneratedFlowArgs;(System.Object,System.Object);;Argument[0];ReturnValue;generated:value",
36-
"My.Qltest;G;false;GeneratedFlowArgs;(System.Object,System.Object);;Argument[1];ReturnValue;generated:value",
37-
"My.Qltest;G;false;MixedFlowArgs;(System.Object,System.Object);;Argument[0];ReturnValue;generated:value",
34+
"My.Qltest;G;false;GeneratedFlow;(System.Object);;Argument[0];ReturnValue;value;generated",
35+
"My.Qltest;G;false;GeneratedFlowArgs;(System.Object,System.Object);;Argument[0];ReturnValue;value;generated",
36+
"My.Qltest;G;false;GeneratedFlowArgs;(System.Object,System.Object);;Argument[1];ReturnValue;value;generated",
37+
"My.Qltest;G;false;MixedFlowArgs;(System.Object,System.Object);;Argument[0];ReturnValue;value;generated",
3838
"My.Qltest;G;false;MixedFlowArgs;(System.Object,System.Object);;Argument[1];ReturnValue;value",
3939
]
4040
}

0 commit comments

Comments
 (0)