From 1cab177f8a94d3f2c33c3f60fe04d53dcfb10f79 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Thu, 9 Dec 2021 16:09:29 +0100
Subject: [PATCH] C#: Convert System.Web.HttpUtility flow to CSV format.
---
 .../csharp/dataflow/LibraryTypeDataFlow.qll | 18 -----------------
 .../code/csharp/frameworks/system/Web.qll | 20 +++++++++++++++++++
 2 files changed, 20 insertions(+), 18 deletions(-)
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
index cae7cdd3709..a0939de3179 100644
--- a/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
@@ -1965,24 +1965,6 @@ class SystemIOPathFlow extends LibraryTypeDataFlow, SystemIOPathClass {
 }
 }
 
-/** Data flow for `System.Web.HttpUtility`. */
-class SystemWebHttpUtilityFlow extends LibraryTypeDataFlow, SystemWebHttpUtility {
- override predicate callableFlow(
- CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
- boolean preservesValue
- ) {
- (
- c = this.getAnHtmlAttributeEncodeMethod() or
- c = this.getAnHtmlEncodeMethod() or
- c = this.getAJavaScriptStringEncodeMethod() or
- c = this.getAnUrlEncodeMethod()
- ) and
- source = TCallableFlowSourceArg(0) and
- sink = TCallableFlowSinkReturn() and
- preservesValue = false
- }
-}
-
 /**
 * Custom flow through `StringValues` library class.
 */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll
index f50fd1cc6d7..ce2e7bee564 100644
--- a/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll
+++ b/csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll
@@ -203,6 +203,26 @@ class SystemWebHttpUtility extends SystemWebClass {
 Method getAnUrlEncodeMethod() { result = this.getAMethod("UrlEncode") }
 }
 
+/** Data flow for `System.Web.HttpUtility`. */
+private class SystemWebHttpUtilityFlowModelCsv extends SummaryModelCsv {
+ override predicate row(string row) {
+ row =
+ [
+ "System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;HtmlEncode;(System.Object);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;HtmlEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;JavaScriptStringEncode;(System.String);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;JavaScriptStringEncode;(System.String,System.Boolean);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;UrlEncode;(System.Byte[]);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;UrlEncode;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint",
+ "System.Web;HttpUtility;false;UrlEncode;(System.String,System.Text.Encoding);;Argument[0];ReturnValue;taint"
+ ]
+ }
+}
+
 /** The `System.Web.HttpCookie` class. */
 class SystemWebHttpCookie extends SystemWebClass {
 SystemWebHttpCookie() { this.hasName("HttpCookie") }
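Review bot: The two rows for the `(System.String,System.IO.TextWriter)` overloads of `HtmlAttributeEncode` and `HtmlEncode` declare `Argument[0];ReturnValue`, but in the .NET API those overloads return `void` and write the encoded text to the `TextWriter`, so the summary has no return value to attach to and taint passed through them is lost to the analysis. The removed name-based model appears to have had the same gap, so this is not a regression, but the per-signature CSV form makes it straightforward to fix: the output column of those two rows would be `Argument[1]`, e.g. `"System.Web;HttpUtility;false;HtmlEncode;(System.String,System.IO.TextWriter);;Argument[0];Argument[1];taint"`. The doc comment could also state that the encoders are modelled as `taint` rather than `value` (matching the old `preservesValue = false`), so readers know the encoded output stays tainted and that any sanitizer treatment for a given sink context has to be declared by the query rather than by this summary.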