Merge pull request #2211 from hvitved/csharp/unsafe-deserialization
Approved by jf205
2b120def01
|
@ -9,7 +9,9 @@ The following changes in version 1.23 affect C# analysis in all applications.
|
|||
| **Query** | **Tags** | **Purpose** |
|
||||
|-----------------------------|-----------|--------------------------------------------------------------------|
|
||||
| Deserialized delegate (`cs/deserialized-delegate`) | security, external/cwe/cwe-502 | Finds unsafe deserialization of delegate types. |
|
||||
| Deserialization of untrusted data (`cs/unsafe-deserialization-untrusted-input`) | security, external/cwe/cwe-502 | Finds flow of untrusted input to calls to unsafe deserializers. |
|
||||
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
|
||||
| Unsafe deserializer (`cs/unsafe-deserialization`) | security, external/cwe/cwe-502 | Finds calls to unsafe deserializers. |
|
||||
| Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. |
|
||||
|
||||
## Changes to existing queries
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<overview>
|
||||
|
||||
<p>Deserializing an object from untrusted input may result in security problems, such
|
||||
as denial-of-service or remote code execution.</p>
|
||||
as denial of service or remote code execution.</p>
|
||||
|
||||
</overview>
|
||||
<recommendation>
|
||||
|
|
|
@ -5,16 +5,13 @@
|
|||
* @kind problem
|
||||
* @id cs/unsafe-deserialization
|
||||
* @problem.severity warning
|
||||
* @precision low
|
||||
* @tags security
|
||||
* external/cwe/cwe-502
|
||||
*/
|
||||
|
||||
/*
|
||||
* consider: @precision low
|
||||
*/
|
||||
|
||||
import csharp
|
||||
import UnsafeDeserialization::UnsafeDeserialization
|
||||
import semmle.code.csharp.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
|
||||
|
||||
from Call deserializeCall, Sink sink
|
||||
where deserializeCall.getAnArgument() = sink.asExpr()
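Review bot: The `where` clause pairs any `Sink` with the call that receives it as an argument, so every use of a modelled deserializer is reported regardless of how that deserializer is configured; the `JavaScriptSerializer` stub added in this PR exposes both a parameterless constructor and a `JavaScriptTypeResolver` overload, and only the resolver-backed instance (e.g. `SimpleTypeResolver`) lets attacker-controlled input choose the instantiated type. If the library's `Sink` class does not distinguish the two constructors, this low-precision query will also flag the default, non-type-resolving usage as unsafe; the `UnsafeDeserialization` module is outside this hunk, so please confirm. Either way a one-line comment above `from`, such as `// Reports every call to a modelled deserializer; cs/unsafe-deserialization-untrusted-input reports the source-reachable subset.`, would help triage duplicates. The query's `select` follows outside the hunk.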
|
||||
|
|
|
@ -5,7 +5,7 @@
|
|||
<overview>
|
||||
|
||||
<p>Deserializing an object from untrusted input may result in security problems, such
|
||||
as denial-of-service or remote code execution.</p>
|
||||
as denial of service or remote code execution.</p>
|
||||
|
||||
</overview>
|
||||
<recommendation>
|
||||
|
|
|
@ -5,16 +5,13 @@
|
|||
* @kind path-problem
|
||||
* @id cs/unsafe-deserialization-untrusted-input
|
||||
* @problem.severity error
|
||||
* @precision high
|
||||
* @tags security
|
||||
* external/cwe/cwe-502
|
||||
*/
|
||||
|
||||
/*
|
||||
* consider: @precision high
|
||||
*/
|
||||
|
||||
import csharp
|
||||
import UnsafeDeserialization::UnsafeDeserialization
|
||||
import semmle.code.csharp.security.dataflow.UnsafeDeserialization::UnsafeDeserialization
|
||||
import DataFlow::PathGraph
|
||||
|
||||
from TaintTrackingConfig config, DataFlow::PathNode source, DataFlow::PathNode sink
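Review bot: The query header, which starts before this hunk, does not say how this path query relates to `cs/unsafe-deserialization`, although both now import the same `UnsafeDeserialization` module and presumably share its `Sink` set, so a triager seeing both alerts on one call has no pointer between them. Suggest adding to the qldoc, above `@kind path-problem`, a sentence like `Reports the subset of cs/unsafe-deserialization sinks reachable from a remote flow source (see TaintTrackingConfig in UnsafeDeserialization.qll).` Since the removed `consider: @precision high` note implies the precision was debated, the rationale for `error`/`high` would be better recorded in the header than left to the commit history. The `from`/`select` continues outside the hunk.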
|
||||
|
|
|
@ -6,7 +6,6 @@
|
|||
import csharp
|
||||
|
||||
module UnsafeDeserialization {
|
||||
private import semmle.code.csharp.dataflow.flowsources.Remote
|
||||
private import semmle.code.csharp.dataflow.flowsources.Remote
|
||||
private import semmle.code.csharp.serialization.Deserializers
|
||||
|
|
@ -1 +1 @@
|
|||
// semmle-extractor-options: /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll
|
||||
// semmle-extractor-options: /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs
|
||||
|
|
|
@ -1,34 +0,0 @@
|
|||
// This file contains auto-generated code.
|
||||
// original-extractor-options: /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll
|
||||
|
||||
namespace System
|
||||
{
|
||||
namespace Web
|
||||
{
|
||||
namespace Script
|
||||
{
|
||||
namespace Serialization
|
||||
{
|
||||
// Generated from `System.Web.Script.Serialization.JavaScriptSerializer` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
public class JavaScriptSerializer
|
||||
{
|
||||
public JavaScriptSerializer() => throw null;
|
||||
public JavaScriptSerializer(System.Web.Script.Serialization.JavaScriptTypeResolver resolver) => throw null;
|
||||
public object DeserializeObject(string input) => throw null;
|
||||
}
|
||||
|
||||
// Generated from `System.Web.Script.Serialization.JavaScriptTypeResolver` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
abstract public class JavaScriptTypeResolver
|
||||
{
|
||||
}
|
||||
|
||||
// Generated from `System.Web.Script.Serialization.SimpleTypeResolver` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
public class SimpleTypeResolver : System.Web.Script.Serialization.JavaScriptTypeResolver
|
||||
{
|
||||
public SimpleTypeResolver() => throw null;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1 +1 @@
|
|||
// semmle-extractor-options: /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll
|
||||
// semmle-extractor-options: /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs
|
||||
|
|
|
@ -1,45 +0,0 @@
|
|||
// This file contains auto-generated code.
|
||||
// original-extractor-options: /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll
|
||||
|
||||
namespace System
|
||||
{
|
||||
namespace Web
|
||||
{
|
||||
namespace UI
|
||||
{
|
||||
namespace WebControls
|
||||
{
|
||||
public class TextBox
|
||||
{
|
||||
public string Text { get; set; }
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
namespace Script
|
||||
{
|
||||
namespace Serialization
|
||||
{
|
||||
// Generated from `System.Web.Script.Serialization.JavaScriptSerializer` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
public class JavaScriptSerializer
|
||||
{
|
||||
public JavaScriptSerializer() => throw null;
|
||||
public JavaScriptSerializer(System.Web.Script.Serialization.JavaScriptTypeResolver resolver) => throw null;
|
||||
public object DeserializeObject(string input) => throw null;
|
||||
}
|
||||
|
||||
// Generated from `System.Web.Script.Serialization.JavaScriptTypeResolver` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
abstract public class JavaScriptTypeResolver
|
||||
{
|
||||
}
|
||||
|
||||
// Generated from `System.Web.Script.Serialization.SimpleTypeResolver` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
public class SimpleTypeResolver : System.Web.Script.Serialization.JavaScriptTypeResolver
|
||||
{
|
||||
public SimpleTypeResolver() => throw null;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
|
@ -346,3 +346,25 @@ namespace System.Web.Helpers
|
|||
public static void Validate() { }
|
||||
}
|
||||
}
|
||||
|
||||
namespace System.Web.Script.Serialization
|
||||
{
|
||||
// Generated from `System.Web.Script.Serialization.JavaScriptSerializer` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
public class JavaScriptSerializer
|
||||
{
|
||||
public JavaScriptSerializer() => throw null;
|
||||
public JavaScriptSerializer(System.Web.Script.Serialization.JavaScriptTypeResolver resolver) => throw null;
|
||||
public object DeserializeObject(string input) => throw null;
|
||||
}
|
||||
|
||||
// Generated from `System.Web.Script.Serialization.JavaScriptTypeResolver` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
abstract public class JavaScriptTypeResolver
|
||||
{
|
||||
}
|
||||
|
||||
// Generated from `System.Web.Script.Serialization.SimpleTypeResolver` in `System.Web.Extensions, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35`
|
||||
public class SimpleTypeResolver : System.Web.Script.Serialization.JavaScriptTypeResolver
|
||||
{
|
||||
public SimpleTypeResolver() => throw null;
|
||||
}
|
||||
}
|
||||
|
|