Add Console.ReadLine as a taint source (#210)

* partial progress * progress * progress * progress * fix * add another example * further progress * formatting fix * fixes * undo removal of comment * example null deref * comment edit * progress * progress * fix * add ldlen test * add unit test for this * minor edits * fix test * edit test * fix * bug fix * updated expected counts * progress * translation and tests * bug fix * add constrained * progress * write warning instead * bug fix * fix bug * undo debug stuff * typo * fix * remove stash markers * testclass introduction of bug fix * doc fix * undo regular control flow from throw through finally * remove unecessary method * fix to inferconfig * update --------- Co-authored-by: Xiaoyu Liu <lixiaoyu@microsoft.com>
2023-03-03 10:48:12 -08:00 · 2023-03-03 10:48:12 -08:00 · fe1eb37089
--- a/.inferconfig
+++ b/.inferconfig
@ -49,6 +49,10 @@
    { "class_names": ["System.Web.UI.WebControls.TextBox", "System.Windows.Forms.TextBox"],
      "method_names": ["get_Text"],
      "kinds": ["UserControlledString"]
+    },
+    { "class_names": ["System.Console"],
+      "method_names": ["ReadLine"],
+      "kinds": ["UserControlledString"]
    }
  ],
  "pulse-taint-sinks": [
--- a/Cilsil/Cil/Parsers/LeaveParser.cs
+++ b/Cilsil/Cil/Parsers/LeaveParser.cs
@ -87,8 +87,8 @@ namespace Cilsil.Cil.Parsers
                        exceptionType, state);
                    state.PreviousNode.Instructions.Add(memoryAllocationCall);
                    var rethrowNode = CreateExceptionReturnNode(state,
-                                        objectVariable,
-                                        state.CurrentLocation);
+                                                                objectVariable,
+                                                                state.CurrentLocation);
                    HandleFinallyControlFlowForThrow(state, instruction, rethrowNode);
                    return true;
                default:
--- a/Cilsil/Cil/Parsers/NewobjParser.cs
+++ b/Cilsil/Cil/Parsers/NewobjParser.cs
@ -51,13 +51,13 @@ namespace Cilsil.Cil.Parsers

                    // Represents constructor call; we discard the return var as it's not needed.
                    CreateMethodCall(state,
-                                     false,
-                                     constructorMethod,
-                                     out _,
-                                     out _,
-                                     out _,
-                                     out var constructorCall,
-                                     isConstructorCall: true);
+                                        false,
+                                        constructorMethod,
+                                        out _,
+                                        out _,
+                                        out _,
+                                        out var constructorCall,
+                                        isConstructorCall: true);

                    var newNode = new StatementNode(location: state.CurrentLocation,
                                                    kind: StatementNode.StatementNodeKind.Call,
--- a/Cilsil/idisposableTenv.json
+++ b/Cilsil/idisposableTenv.json
--- a/Examples/proj/Program.cs
+++ b/Examples/proj/Program.cs
@ -39,6 +39,12 @@ public class IsDisposedBooleanField : IDisposable
 // Expect 5 TAINT_ERROR for SQL injection flows.
 public class PulseTaintTests
 {
+    static void sqlBadConsoleReadLine()
+    {
+        var input = Console.ReadLine();
+        subproj.WeatherForecast.runSqlCommandBad(input);
+    }
+    
    [HttpPost]
    static void sqlBadInt(int InputParameter)
    {