From 585fb9db7ee9e6780f503d7f4c4b9e828634faa3 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Wed, 13 Sep 2023 13:12:55 +0200
Subject: [PATCH 01/22] C#: Add VS Code model editor queries
---
.../src/utils/modeleditor/AutomodelVsCode.qll | 176 ++++++++++++++++++
.../FetchApplicationModeMethods.ql | 32 ++++
.../modeleditor/FetchFrameworkModeMethods.ql | 25 +++
.../FetchApplicationModeMethods.expected | 8 +
.../FetchApplicationModeMethods.qlref | 1 +
.../FetchFrameworkModeMethods.expected | 5 +
.../FetchFrameworkModeMethods.qlref | 1 +
.../test/utils/modeleditor/NonPublicClass.cs | 11 ++
.../ql/test/utils/modeleditor/PublicClass.cs | 26 +++
.../test/utils/modeleditor/PublicInterface.cs | 13 ++
.../suite-helpers/code-scanning-selectors.yml | 1 +
.../security-and-quality-selectors.yml | 1 +
.../security-experimental-selectors.yml | 1 +
.../security-extended-selectors.yml | 1 +
14 files changed, 302 insertions(+)
create mode 100644 csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
create mode 100644 csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
create mode 100644 csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
create mode 100644 csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
create mode 100644 csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref
create mode 100644 csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
create mode 100644 csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref
create mode 100644 csharp/ql/test/utils/modeleditor/NonPublicClass.cs
create mode 100644 csharp/ql/test/utils/modeleditor/PublicClass.cs
create mode 100644 csharp/ql/test/utils/modeleditor/PublicInterface.cs
diff --git a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
new file mode 100644
index 000000000000..09c33fafa5ef
--- /dev/null
+++ b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
@@ -0,0 +1,176 @@
+/** Provides classes and predicates related to handling APIs for the VS Code extension. */
+
+private import csharp
+private import dotnet
+private import semmle.code.csharp.dispatch.Dispatch
+private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.FlowSummary
+private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
+private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
+private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
+private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
+private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
+private import semmle.code.csharp.frameworks.Test
+private import semmle.code.csharp.security.dataflow.flowsources.Remote
+
+pragma[nomagic]
+private predicate isTestNamespace(Namespace ns) {
+ ns.getFullName()
+ .matches([
+ "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%"
+ ])
+}
+
+/**
+ * A test library.
+ */
+class TestLibrary extends RefType {
+ TestLibrary() { isTestNamespace(this.getNamespace()) }
+}
+
+/** Holds if the given callable is not worth supporting. */
+private predicate isUninteresting(DotNet::Declaration c) {
+ c.getDeclaringType() instanceof TestLibrary or
+ c.(Constructor).isParameterless() or
+ c.getDeclaringType() instanceof AnonymousClass
+}
+
+/**
+ * An callable method from either the C# Standard Library, a 3rd party library, or from the source.
+ */
+class CallableMethod extends DotNet::Declaration {
+ CallableMethod() {
+ this.(Modifiable).isEffectivelyPublic() and
+ not isUninteresting(this)
+ }
+
+ /**
+ * Gets the unbound type, name and parameter types of this API.
+ */
+ bindingset[this]
+ private string getSignature() {
+ result =
+ nestedName(this.getDeclaringType().getUnboundDeclaration()) + "#" + this.getName() + "(" + + parameterQualifiedTypeNamesToString(this) + ")"
+ }
+
+ /**
+ * Gets the namespace of this API.
+ */
+ bindingset[this]
+ string getNamespace() { this.getDeclaringType().hasQualifiedName(result, _) }
+
+ /**
+ * Gets the namespace and signature of this API.
+ */
+ bindingset[this]
+ string getApiName() { result = this.getNamespace() + "." + this.getSignature() }
+
+ private string getDllName() { result = this.getLocation().(Assembly).getName() }
+
+ private string getDllVersion() { result = this.getLocation().(Assembly).getVersion().toString() }
+
+ string dllName() {
+ result = this.getDllName()
+ or
+ not exists(this.getDllName()) and result = this.getFile().getBaseName()
+ }
+
+ string dllVersion() {
+ result = this.getDllVersion()
+ or
+ not exists(this.getDllVersion()) and result = ""
+ }
+
+ /** Gets a node that is an input to a call to this API. */
+ private ArgumentNode getAnInput() {
+ result
+ .getCall()
+ .(DataFlowDispatch::NonDelegateDataFlowCall)
+ .getATarget(_)
+ .getUnboundDeclaration() = this
+ }
+
+ /** Gets a node that is an output from a call to this API. */
+ private DataFlow::Node getAnOutput() {
+ exists(
+ Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret
+ |
+ dc.getDispatchCall().getCall() = c and
+ c.getTarget().getUnboundDeclaration() = this
+ |
+ result = ret.getAnOutNode(dc)
+ )
+ }
+
+ /** Holds if this API has a supported summary. */
+ pragma[nomagic]
+ predicate hasSummary() {
+ this instanceof SummarizedCallable
+ or
+ defaultAdditionalTaintStep(this.getAnInput(), _)
+ }
+
+ /** Holds if this API is a known source. */
+ pragma[nomagic]
+ predicate isSource() {
+ this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
+ }
+
+ /** Holds if this API is a known sink.
*/
+ pragma[nomagic]
+ predicate isSink() { sinkNode(this.getAnInput(), _) }
+
+ /** Holds if this API is a known neutral. */
+ pragma[nomagic]
+ predicate isNeutral() { this instanceof FlowSummaryImpl::Public::NeutralCallable }
+
+ /**
+ * Holds if this API is supported by existing CodeQL libraries, that is, it is either a
+ * recognized source, sink or neutral or it has a flow summary.
+ */
+ predicate isSupported() {
+ this.hasSummary() or this.isSource() or this.isSink() or this.isNeutral()
+ }
+}
+
+boolean isSupported(CallableMethod callableMethod) {
+ callableMethod.isSupported() and result = true
+ or
+ not callableMethod.isSupported() and
+ result = false
+}
+
+string supportedType(CallableMethod method) {
+ method.isSink() and result = "sink"
+ or
+ method.isSource() and result = "source"
+ or
+ method.hasSummary() and result = "summary"
+ or
+ method.isNeutral() and result = "neutral"
+ or
+ not method.isSupported() and result = ""
+}
+
+string methodClassification(Call method) {
+ method.getFile() instanceof TestFile and result = "test"
+ or
+ not method.getFile() instanceof TestFile and
+ result = "source"
+}
+
+/**
+ * Gets the nested name of the declaration.
+ *
+ * If the declaration is not a nested type, the result is the same as `getName()`.
+ * Otherwise the name of the nested type is prefixed with a `+` and appended to
+ * the name of the enclosing type, which might be a nested type as well.
+ */
+private string nestedName(Declaration declaration) {
+ not exists(declaration.getDeclaringType().getUnboundDeclaration()) and
+ result = declaration.getName()
+ or
+ nestedName(declaration.getDeclaringType().getUnboundDeclaration()) + "+" + declaration.getName() =
+ result
+}
diff --git a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
new file mode 100644
index 000000000000..434684b7b879
--- /dev/null
+++ b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
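Review bot: `dllName()`, `dllVersion()`, `isSupported`, `supportedType` and `methodClassification` are public predicates with no QLDoc, which the repository's QL style expects for anything a library exports; for instance `/** Gets the name of the assembly this API is located in, or the base name of its file when it is not located in an assembly. */` above `dllName()`, and a similar sentence for `dllVersion()` noting the empty-string fallback. The class QLDoc has a typo, `An callable method` should read `A callable method`, and `methodClassification` names its `Call` parameter `method`, which reads as if it were the callee rather than the usage. Separately, `supportedType` is not functional: a method that is both a recognized source and a neutral yields one row per kind, which the expected output added for `ReadLine` in this commit confirms; if that is intended it is worth a sentence in its QLDoc, otherwise the disjuncts need an order of precedence.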
@@ -0,0 +1,32 @@
+/**
+ * @name Fetch model editor methods (application mode)
+ * @description A list of 3rd party APIs used in the codebase. Excludes test and generated code.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id csharp/utils/modeleditor/fetch-application-mode-methods
+ * @tags modeleditor fetch methods application-mode
+ */
+
+private import csharp
+private import AutomodelVsCode
+
+class ExternalApi extends CallableMethod {
+ ExternalApi() {
+ this.isUnboundDeclaration() and
+ this.fromLibrary() and
+ this.(Modifiable).isEffectivelyPublic()
+ }
+}
+
+private Call aUsage(ExternalApi api) { result.getTarget().getUnboundDeclaration() = api }
+
+from
+ ExternalApi api, string apiName, boolean supported, Call usage, string type, string classification
+where
+ apiName = api.getApiName() and
+ supported = isSupported(api) and
+ usage = aUsage(api) and
+ type = supportedType(api) and
+ classification = methodClassification(usage)
+select usage, apiName, supported.toString(), "supported", api.dllName(), api.dllVersion(), type,
+ "type", classification, "classification"
diff --git a/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
new file mode 100644
index 000000000000..1371749d12d1
--- /dev/null
+++ b/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
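Review bot: The `@description` says the query `Excludes test and generated code`, but the `where` clause never filters usages: `classification = methodClassification(usage)` labels calls in test files as `test` instead of dropping them, and nothing in this hunk or in `AutomodelVsCode.qll` checks for generated code. Either the description should say that test usages are reported with a `test` classification, or the exclusion should be applied here, e.g. `not usage.getFile() instanceof TestFile`. The same description, including the generated-code claim, is used by `FetchFrameworkModeMethods.ql` in the next hunk, where only `TestFile` is excluded; if the extension filters generated code on its side, a comment saying so in both queries would remove the mismatch.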
@@ -0,0 +1,25 @@
+/**
+ * @name Fetch model editor methods (framework mode)
+ * @description A list of APIs callable by consumers. Excludes test and generated code.
+ * @kind problem
+ * @problem.severity recommendation
+ * @id csharp/utils/modeleditor/fetch-framework-mode-methods
+ * @tags modeleditor fetch methods framework-mode
+ */
+
+private import csharp
+private import dotnet
+private import semmle.code.csharp.frameworks.Test
+private import AutomodelVsCode
+
+class PublicMethod extends CallableMethod {
+ PublicMethod() { this.fromSource() and not this.getFile() instanceof TestFile }
+}
+
+from PublicMethod publicMethod, string apiName, boolean supported, string type
+where
+ apiName = publicMethod.getApiName() and
+ supported = isSupported(publicMethod) and
+ type = supportedType(publicMethod)
+select publicMethod, apiName, supported.toString(), "supported",
+ publicMethod.getFile().getBaseName(), "library", type, "type", "unknown", "classification"
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
new file mode 100644
index 000000000000..2423ed138878
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
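Review bot: `PublicMethod` is not restricted to unbound declarations, unlike `ExternalApi` in the application-mode query (`this.isUnboundDeclaration()`), so each constructed instantiation of a generic member appears to be a separate `CallableMethod` with the same `getApiName()`; the expected output added later in this series for `PublicGenericInterface` lists `stuff`, `stuff2<>` and `staticStuff` twice each. Adding `this.isUnboundDeclaration() and` to the `PublicMethod` characteristic predicate should collapse those rows to one per member. The hard-coded `"unknown", "classification"` columns in the `select` would also benefit from a one-line comment explaining that framework mode has no usage to classify, so the column stays aligned with the application-mode output.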
@@ -0,0 +1,8 @@
+| NonPublicClass.cs:9:9:9:31 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:19:9:19:51 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | source | type | source | classification |
+| PublicClass.cs:24:9:24:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicInterface.cs:11:9:11:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref
new file mode 100644
index 000000000000..9d2454657314
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref
@@ -0,0 +1 @@
+utils/modeleditor/FetchApplicationModeMethods.ql
\ No newline at end of file
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
new file mode 100644
index 000000000000..f1e64507d982
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
@@ -0,0 +1,5 @@
+| PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicClass#stuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL.PublicClass#staticStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:17:20:17:33 | nonPublicStuff | GitHub.CodeQL.PublicClass#nonPublicStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
+| PublicInterface.cs:9:17:9:27 | staticStuff | GitHub.CodeQL.PublicInterface#staticStuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref
new file mode 100644
index 000000000000..39bdee5a08d5
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref
@@ -0,0 +1 @@
+utils/modeleditor/FetchFrameworkModeMethods.ql
\ No newline at end of file
diff --git a/csharp/ql/test/utils/modeleditor/NonPublicClass.cs b/csharp/ql/test/utils/modeleditor/NonPublicClass.cs
new file mode 100644
index 000000000000..f2550bc81c68
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/NonPublicClass.cs
@@ -0,0 +1,11 @@
+using System;
+
+namespace GitHub.CodeQL;
+
+class NonPublicClass
+{
+ public void noCandidates(String here)
+ {
+ Console.WriteLine(here);
+ }
+}
diff --git a/csharp/ql/test/utils/modeleditor/PublicClass.cs b/csharp/ql/test/utils/modeleditor/PublicClass.cs
new file mode 100644
index 000000000000..06090e228a5a
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/PublicClass.cs
@@ -0,0 +1,26 @@
+using System;
+
+namespace GitHub.CodeQL;
+
+public class PublicClass
+{
+ public void stuff(String arg)
+ {
+ Console.WriteLine(arg);
+ }
+
+ public static void staticStuff(String arg)
+ {
+ Console.WriteLine(arg);
+ }
+
+ protected void nonPublicStuff(String arg)
+ {
+ Console.WriteLine(arg + Console.ReadLine());
+ }
+
+ internal void internalStuff(String arg)
+ {
+ Console.WriteLine(arg);
+ }
+}
diff --git a/csharp/ql/test/utils/modeleditor/PublicInterface.cs b/csharp/ql/test/utils/modeleditor/PublicInterface.cs
new file mode 100644
index 000000000000..d3248702f6c9
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/PublicInterface.cs
@@ -0,0 +1,13 @@
+using System;
+
+namespace GitHub.CodeQL;
+
+public interface PublicInterface
+{
+ void stuff(String arg);
+
+ static void staticStuff(String arg)
+ {
+ Console.WriteLine(arg);
+ }
+}
diff --git a/misc/suite-helpers/code-scanning-selectors.yml b/misc/suite-helpers/code-scanning-selectors.yml
index a237728316b9..37f4243fc6ac 100644
--- a/misc/suite-helpers/code-scanning-selectors.yml
+++ b/misc/suite-helpers/code-scanning-selectors.yml
@@ -30,4 +30,5 @@ - /Diagnostics/Internal/.*/ - exclude: tags contain: + - modeleditor - modelgenerator
diff --git a/misc/suite-helpers/security-and-quality-selectors.yml b/misc/suite-helpers/security-and-quality-selectors.yml
index 90a22352b80d..da45710e0b76 100644
--- a/misc/suite-helpers/security-and-quality-selectors.yml
+++ b/misc/suite-helpers/security-and-quality-selectors.yml
@@ -31,4 +31,5 @@ - /Diagnostics/Internal/.*/ - exclude: tags contain: + - modeleditor - modelgenerator
diff --git a/misc/suite-helpers/security-experimental-selectors.yml b/misc/suite-helpers/security-experimental-selectors.yml
index 1ea42707b751..cf881a864f95 100644
--- a/misc/suite-helpers/security-experimental-selectors.yml
+++ b/misc/suite-helpers/security-experimental-selectors.yml
@@ -42,4 +42,5 @@ - /Diagnostics/Internal/.*/ - exclude: tags contain: + - modeleditor - model-generator
diff --git a/misc/suite-helpers/security-extended-selectors.yml b/misc/suite-helpers/security-extended-selectors.yml
index aff154d0d306..8e5845b70e65 100644
--- a/misc/suite-helpers/security-extended-selectors.yml
+++ b/misc/suite-helpers/security-extended-selectors.yml
@@ -36,4 +36,5 @@ - /Diagnostics/Internal/.*/ - exclude: tags contain: + - modeleditor - modelgenerator
From 0cc74a2691d6d19186dcc8ef3f105b71ebd6b179 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 13:33:49 +0200
Subject: [PATCH 02/22] C#: Extract TestLibrary to separate module
---
csharp/ql/src/Telemetry/ExternalApi.qll | 15 +--------------
csharp/ql/src/Telemetry/TestLibrary.qll | 17 +++++++++++++++++
.../src/utils/modeleditor/AutomodelVsCode.qll | 15 +--------------
3 files changed, 19 insertions(+), 28 deletions(-)
create mode 100644 csharp/ql/src/Telemetry/TestLibrary.qll
diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll
index 7be4f1048370..367695243799 100644
--- a/csharp/ql/src/Telemetry/ExternalApi.qll
+++ b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -12,20 +12,7 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma
private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
private import semmle.code.csharp.security.dataflow.flowsources.Remote
-pragma[nomagic]
-private predicate isTestNamespace(Namespace ns) {
- ns.getFullName()
- .matches([
- "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%"
- ])
-}
-
-/**
- * A test library.
- */
-class TestLibrary extends RefType {
- TestLibrary() { isTestNamespace(this.getNamespace()) }
-}
+private import TestLibrary
/** Holds if the given callable is not worth supporting. */
private predicate isUninteresting(DotNet::Callable c) {
diff --git a/csharp/ql/src/Telemetry/TestLibrary.qll b/csharp/ql/src/Telemetry/TestLibrary.qll
new file mode 100644
index 000000000000..deca6d79bec1
--- /dev/null
+++ b/csharp/ql/src/Telemetry/TestLibrary.qll
@@ -0,0 +1,17 @@
+private import csharp
+private import dotnet
+
+pragma[nomagic]
+private predicate isTestNamespace(Namespace ns) {
+ ns.getFullName()
+ .matches([
+ "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%"
+ ])
+}
+
+/**
+ * A test library.
+ */
+class TestLibrary extends RefType {
+ TestLibrary() { isTestNamespace(this.getNamespace()) }
+}
diff --git a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
index 09c33fafa5ef..1516c466473c 100644
--- a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
+++ b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
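Review bot: `isTestNamespace` in the new `TestLibrary.qll` matches bare prefixes such as `"Xunit%"` and `"Moq%"`, so any unrelated namespace that merely starts with those letters is classified as a test library and its members are dropped from both model editor queries. The predicate is moved verbatim here, so this can be a follow-up, but anchoring the patterns on a namespace boundary, e.g. `["Moq", "Moq.%"]` in place of `"Moq%"`, would make the exclusion precise. The file-level QLDoc that the repository's style expects for a `.qll` is also missing; a one-liner such as `/** Provides the `TestLibrary` class, which identifies types from common .NET test frameworks. */` would do.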
@@ -13,20 +13,7 @@ private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
private import semmle.code.csharp.frameworks.Test
private import semmle.code.csharp.security.dataflow.flowsources.Remote
-pragma[nomagic]
-private predicate isTestNamespace(Namespace ns) {
- ns.getFullName()
- .matches([
- "NUnit.Framework%", "Xunit%", "Microsoft.VisualStudio.TestTools.UnitTesting%", "Moq%"
- ])
-}
-
-/**
- * A test library.
- */
-class TestLibrary extends RefType {
- TestLibrary() { isTestNamespace(this.getNamespace()) }
-}
+private import Telemetry.TestLibrary
/** Holds if the given callable is not worth supporting. */
private predicate isUninteresting(DotNet::Declaration c) {
From e524e358f0359e55a1af87289ec9c24830cd20e5 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 13:39:44 +0200
Subject: [PATCH 03/22] C#: Check accessor declaration for publicness
---
csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll | 2 +-
.../utils/modeleditor/FetchApplicationModeMethods.expected | 2 +-
.../utils/modeleditor/FetchFrameworkModeMethods.expected | 6 +++++-
csharp/ql/test/utils/modeleditor/PublicClass.cs | 4 +++-
csharp/ql/test/utils/modeleditor/PublicInterface.cs | 2 ++
5 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
index 1516c466473c..10227723d322 100644
--- a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
+++ b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
@@ -27,7 +27,7 @@ private predicate isUninteresting(DotNet::Declaration c) {
*/
class CallableMethod extends DotNet::Declaration {
CallableMethod() {
- this.(Modifiable).isEffectivelyPublic() and
+ [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() and
not isUninteresting(this)
}
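Review bot: The new condition `[this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic()` is a disjunction over both elements, so an accessor is accepted whenever its declaring property is effectively public regardless of the accessor's own modifier; if accessor-level modifiers are modelled on the `Accessor` itself (which is presumably why `getDeclaration()` has to be consulted), a `private set` on a public property would be listed as callable by consumers in framework mode. The tests added in this commit only cover `{ get; set; }`, so a `public string P { get; private set; }` member in `PublicClass.cs` would pin whichever behaviour is intended. A short comment on the changed line, e.g. `// Accessors carry no access modifier of their own unless one is written; fall back to the property's`, would also explain the set literal to the next reader. The rest of `CallableMethod` is outside the hunk.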
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
index 2423ed138878..827a0335cae8 100644
--- a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
@@ -5,4 +5,4 @@
| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | source | type | source | classification |
| PublicClass.cs:24:9:24:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
-| PublicInterface.cs:11:9:11:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
index f1e64507d982..2d8d2b1cc5c5 100644
--- a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
@@ -1,5 +1,9 @@
| PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicClass#stuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
| PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL.PublicClass#staticStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
| PublicClass.cs:17:20:17:33 | nonPublicStuff | GitHub.CodeQL.PublicClass#nonPublicStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:27:45:27:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:27:50:27:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
| PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
-| PublicInterface.cs:9:17:9:27 | staticStuff | GitHub.CodeQL.PublicInterface#staticStuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
+| PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL.PublicInterface#get_PublicProperty() | false | supported | PublicInterface.cs | library | | type | unknown | classification |
+| PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL.PublicInterface#set_PublicProperty(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
+| PublicInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicInterface#staticStuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
diff --git a/csharp/ql/test/utils/modeleditor/PublicClass.cs b/csharp/ql/test/utils/modeleditor/PublicClass.cs
index 06090e228a5a..dd5383a627de 100644
--- a/csharp/ql/test/utils/modeleditor/PublicClass.cs
+++ b/csharp/ql/test/utils/modeleditor/PublicClass.cs
@@ -2,7 +2,7 @@
namespace GitHub.CodeQL;
-public class PublicClass
+public class PublicClass : PublicInterface
{
public void stuff(String arg)
{
@@ -23,4 +23,6 @@ internal void internalStuff(String arg)
{
Console.WriteLine(arg);
}
+
+ string PublicInterface.PublicProperty { get; set; }
}
diff --git a/csharp/ql/test/utils/modeleditor/PublicInterface.cs b/csharp/ql/test/utils/modeleditor/PublicInterface.cs
index d3248702f6c9..e6d81703769c 100644
--- a/csharp/ql/test/utils/modeleditor/PublicInterface.cs
+++ b/csharp/ql/test/utils/modeleditor/PublicInterface.cs
@@ -6,6 +6,8 @@ public interface PublicInterface
{
void stuff(String arg);
+ string PublicProperty { get; set; }
+
static void staticStuff(String arg)
{
Console.WriteLine(arg);
From ff2cef3d6bd4e883498bcd1c0d18640aa510733a Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 13:44:32 +0200
Subject: [PATCH 04/22] C#: Switch from Declaration to Callable
---
csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
index 10227723d322..04b3365d36d0 100644
--- a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
+++ b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
@@ -16,7 +16,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote
private import Telemetry.TestLibrary
/** Holds if the given callable is not worth supporting. */
-private predicate isUninteresting(DotNet::Declaration c) {
+private predicate isUninteresting(DotNet::Callable c) {
c.getDeclaringType() instanceof TestLibrary or
c.(Constructor).isParameterless() or
c.getDeclaringType() instanceof AnonymousClass
@@ -25,7 +25,7 @@ private predicate isUninteresting(DotNet::Declaration c) {
/**
* An callable method from either the C# Standard Library, a 3rd party library, or from the source.
*/
-class CallableMethod extends DotNet::Declaration {
+class CallableMethod extends DotNet::Callable {
CallableMethod() {
[this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() and
not isUninteresting(this)
From 8472b84cad8e6f534711bddbb082d6324c75244e Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 13:49:16 +0200
Subject: [PATCH 05/22] C#: Remove unnecessary isEffectivelyPublic predicate
---
csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
index 434684b7b879..d57f1f5e0ca0 100644
--- a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
+++ b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
@@ -13,8 +13,7 @@ private import AutomodelVsCode
class ExternalApi extends CallableMethod {
ExternalApi() {
this.isUnboundDeclaration() and
- this.fromLibrary() and
- this.(Modifiable).isEffectivelyPublic()
+ this.fromLibrary()
}
}
From f468b2a3d149675a30213d56db3bc49a957831e7 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 14:58:20 +0200
Subject: [PATCH 06/22] C#: Add tests for generic interfaces/classes/methods
---
.../FetchApplicationModeMethods.expected | 3 +++
.../FetchFrameworkModeMethods.expected | 8 ++++++++
.../test/utils/modeleditor/PublicGenericClass.cs | 16 ++++++++++++++++
.../utils/modeleditor/PublicGenericInterface.cs | 15 +++++++++++++++
4 files changed, 42 insertions(+)
create mode 100644 csharp/ql/test/utils/modeleditor/PublicGenericClass.cs
create mode 100644 csharp/ql/test/utils/modeleditor/PublicGenericInterface.cs
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
index 827a0335cae8..87a66a7e6a13 100644
--- a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
@@ -5,4 +5,7 @@
| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | source | type | source | classification |
| PublicClass.cs:24:9:24:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicGenericClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicGenericClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicGenericInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
| PublicInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
index 2d8d2b1cc5c5..e8eddfca5274 100644
--- a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
@@ -3,6 +3,14 @@
 | PublicClass.cs:17:20:17:33 | nonPublicStuff | GitHub.CodeQL.PublicClass#nonPublicStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
 | PublicClass.cs:27:45:27:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | supported | PublicClass.cs | library | | type | unknown | classification |
 | PublicClass.cs:27:50:27:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
+| PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
+| PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
+| PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
+| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
+| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
+| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
+| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
 | PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
 | PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL.PublicInterface#get_PublicProperty() | false | supported | PublicInterface.cs | library | | type | unknown | classification |
 | PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL.PublicInterface#set_PublicProperty(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
diff --git a/csharp/ql/test/utils/modeleditor/PublicGenericClass.cs b/csharp/ql/test/utils/modeleditor/PublicGenericClass.cs
new file mode 100644
index 000000000000..7edc38dbed9c
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/PublicGenericClass.cs
@@ -0,0 +1,16 @@
+using System;
+
+namespace GitHub.CodeQL;
+
+public class PublicGenericClass : PublicGenericInterface
+{
+    public void stuff(T arg)
+    {
+        Console.WriteLine(arg);
+    }
+
+    public void stuff2(T2 arg)
+    {
+        Console.WriteLine(arg);
+    }
+}
diff --git a/csharp/ql/test/utils/modeleditor/PublicGenericInterface.cs b/csharp/ql/test/utils/modeleditor/PublicGenericInterface.cs
new file mode 100644
index 000000000000..9053f854b3a8
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/PublicGenericInterface.cs
@@ -0,0 +1,15 @@
+using System;
+
+namespace GitHub.CodeQL;
+
+public interface PublicGenericInterface
+{
+    void stuff(T arg);
+
+    void stuff2(T2 arg);
+
+    static void staticStuff(String arg)
+    {
+        Console.WriteLine(arg);
+    }
+}
From 4693f72d5fc72e40abc5b48a226e9104f06460af Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 15:30:38 +0200
Subject: [PATCH 07/22] C#: Rename CallableMethod to Endpoint
---
 .../src/utils/modeleditor/AutomodelVsCode.qll | 23 +++++++++----------
 .../FetchApplicationModeMethods.ql | 21 +++++++++--------
 .../modeleditor/FetchFrameworkModeMethods.ql | 16 ++++++-------
 3 files changed, 30 insertions(+), 30 deletions(-)
diff --git a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
index 04b3365d36d0..0cac66b5f716 100644
--- a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
+++ b/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
@@ -12,7 +12,6 @@ private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSumma
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
 private import semmle.code.csharp.frameworks.Test
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
-
 private import Telemetry.TestLibrary
 
 /** Holds if the given callable is not worth supporting. */
@@ -25,8 +24,8 @@ private predicate isUninteresting(DotNet::Callable c) {
 /**
  * An callable method from either the C# Standard Library, a 3rd party library, or from the source.
  */
-class CallableMethod extends DotNet::Callable {
-  CallableMethod() {
+class Endpoint extends DotNet::Callable {
+  Endpoint() {
     [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() and
     not isUninteresting(this)
   }
@@ -121,23 +120,23 @@ class CallableMethod extends DotNet::Callable {
   }
 }
 
-boolean isSupported(CallableMethod callableMethod) {
-  callableMethod.isSupported() and result = true
+boolean isSupported(Endpoint endpoint) {
+  endpoint.isSupported() and result = true
   or
-  not callableMethod.isSupported() and
+  not endpoint.isSupported() and
   result = false
 }
 
-string supportedType(CallableMethod method) {
-  method.isSink() and result = "sink"
+string supportedType(Endpoint endpoint) {
+  endpoint.isSink() and result = "sink"
   or
-  method.isSource() and result = "source"
+  endpoint.isSource() and result = "source"
   or
-  method.hasSummary() and result = "summary"
+  endpoint.hasSummary() and result = "summary"
   or
-  method.isNeutral() and result = "neutral"
+  endpoint.isNeutral() and result = "neutral"
   or
-  not method.isSupported() and result = ""
+  not endpoint.isSupported() and result = ""
 }
 
 string methodClassification(Call method) {
diff --git a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
index d57f1f5e0ca0..ac30075e5e7e 100644
--- a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
+++ b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
@@ -10,22 +10,23 @@
 private import csharp
 private import AutomodelVsCode
 
-class ExternalApi extends CallableMethod {
-  ExternalApi() {
+class ExternalEndpoint extends Endpoint {
+  ExternalEndpoint() {
     this.isUnboundDeclaration() and
     this.fromLibrary()
   }
 }
 
-private Call aUsage(ExternalApi api) { result.getTarget().getUnboundDeclaration() = api }
+private Call aUsage(ExternalEndpoint api) { result.getTarget().getUnboundDeclaration() = api }
 
 from
-  ExternalApi api, string apiName, boolean supported, Call usage, string type, string classification
+  ExternalEndpoint endpoint, string apiName, boolean supported, Call usage, string type,
+  string classification
 where
-  apiName = api.getApiName() and
-  supported = isSupported(api) and
-  usage = aUsage(api) and
-  type = supportedType(api) and
+  apiName = endpoint.getApiName() and
+  supported = isSupported(endpoint) and
+  usage = aUsage(endpoint) and
+  type = supportedType(endpoint) and
   classification = methodClassification(usage)
-select usage, apiName, supported.toString(), "supported", api.dllName(), api.dllVersion(), type,
-  "type", classification, "classification"
+select usage, apiName, supported.toString(), "supported", endpoint.dllName(), endpoint.dllVersion(),
+  type, "type", classification, "classification"
diff --git a/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
index 1371749d12d1..8d6be191398f 100644
--- a/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
+++ b/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
@@ -12,14 +12,14 @@ private import dotnet
 private import semmle.code.csharp.frameworks.Test
 private import AutomodelVsCode
 
-class PublicMethod extends CallableMethod {
-  PublicMethod() { this.fromSource() and not this.getFile() instanceof TestFile }
+class PublicEndpointFromSource extends Endpoint {
+  PublicEndpointFromSource() { this.fromSource() and not this.getFile() instanceof TestFile }
 }
 
-from PublicMethod publicMethod, string apiName, boolean supported, string type
+from PublicEndpointFromSource endpoint, string apiName, boolean supported, string type
 where
-  apiName = publicMethod.getApiName() and
-  supported = isSupported(publicMethod) and
-  type = supportedType(publicMethod)
-select publicMethod, apiName, supported.toString(), "supported",
-  publicMethod.getFile().getBaseName(), "library", type, "type", "unknown", "classification"
+  apiName = endpoint.getApiName() and
+  supported = isSupported(endpoint) and
+  type = supportedType(endpoint)
+select endpoint, apiName, supported.toString(), "supported", endpoint.getFile().getBaseName(),
+  "library", type, "type", "unknown", "classification"
From 93972a49d7ed3d461a272d2fbfa58dba5b9c1178 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 15:34:24 +0200
Subject: [PATCH 08/22] C#: Rename AutomodelVsCode to ModelEditor
---
 csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql | 2 +-
 csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql | 2 +-
 .../utils/modeleditor/{AutomodelVsCode.qll => ModelEditor.qll} | 0
 3 files changed, 2 insertions(+), 2 deletions(-)
 rename csharp/ql/src/utils/modeleditor/{AutomodelVsCode.qll => ModelEditor.qll} (100%)
diff --git a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
index ac30075e5e7e..2f5529a31245 100644
--- a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
+++ b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
@@ -8,7 +8,7 @@
  */
 
 private import csharp
-private import AutomodelVsCode
+private import ModelEditor
 
 class ExternalEndpoint extends Endpoint {
   ExternalEndpoint() {
diff --git a/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
index 8d6be191398f..fede41907b97 100644
--- a/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
+++ b/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
@@ -10,7 +10,7 @@
 private import csharp
 private import dotnet
 private import semmle.code.csharp.frameworks.Test
-private import AutomodelVsCode
+private import ModelEditor
 
 class PublicEndpointFromSource extends Endpoint {
   PublicEndpointFromSource() { this.fromSource() and not this.getFile() instanceof TestFile }
diff --git a/csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
similarity index 100%
rename from csharp/ql/src/utils/modeleditor/AutomodelVsCode.qll
rename to csharp/ql/src/utils/modeleditor/ModelEditor.qll
From 81a8eeed460dd66a506eeaa431e9c922820b1e67 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 15:45:30 +0200
Subject: [PATCH 09/22] C#: Only include unbound declarations in endpoints
---
 csharp/ql/src/utils/modeleditor/ModelEditor.qll | 4 +++-
 .../test/utils/modeleditor/FetchFrameworkModeMethods.expected | 3 ---
 2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/csharp/ql/src/utils/modeleditor/ModelEditor.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
index 0cac66b5f716..4a2e90e8b723 100644
--- a/csharp/ql/src/utils/modeleditor/ModelEditor.qll
+++ b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
@@ -27,7 +27,9 @@ private predicate isUninteresting(DotNet::Callable c) {
 class Endpoint extends DotNet::Callable {
   Endpoint() {
     [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() and
-    not isUninteresting(this)
+    not isUninteresting(this) and
+    this.isUnboundDeclaration() and
+    this.getDeclaringType().isUnboundDeclaration()
   }
 
   /**
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
index e8eddfca5274..0cc231e8b394 100644
--- a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
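Review bot: The two `isUnboundDeclaration()` conjuncts added to the `Endpoint` characteristic predicate carry no comment saying what they filter out, and the reason is only visible indirectly from the duplicate PublicGenericInterface rows this commit drops from FetchFrameworkModeMethods.expected. A one-line why-comment above them would keep that intent readable, e.g. `// Only unbound declarations: constructed generic instantiations would otherwise produce one row per instantiation`. The same applies to the later PATCH 12 hunk in this series that reduces the filter to `this.isUnboundDeclaration()` alone; if that single conjunct is being relied on to also cover the declaring type, the comment should state that assumption so it can be checked.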
@@ -6,11 +6,8 @@
 | PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
 | PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
 | PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
-| PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
-| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
 | PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
 | PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
-| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
 | PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
 | PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL.PublicInterface#get_PublicProperty() | false | supported | PublicInterface.cs | library | | type | unknown | classification |
 | PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL.PublicInterface#set_PublicProperty(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification |
From 948e36a4c53d5fefb7086e9b933e63569f6dc289 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 15:47:50 +0200
Subject: [PATCH 10/22] C#: Update comment for Endpoint
---
 csharp/ql/src/utils/modeleditor/ModelEditor.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/csharp/ql/src/utils/modeleditor/ModelEditor.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
index 4a2e90e8b723..38d8b9f280e6 100644
--- a/csharp/ql/src/utils/modeleditor/ModelEditor.qll
+++ b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
@@ -22,7 +22,7 @@ private predicate isUninteresting(DotNet::Callable c) {
 }
 
 /**
- * An callable method from either the C# Standard Library, a 3rd party library, or from the source.
+ * A callable method or accessor from either the C# Standard Library, a 3rd party library, or from the source.
  */
 class Endpoint extends DotNet::Callable {
   Endpoint() {
From 489561f4f124ec664c550cb16a3a13ee8f26ed8d Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Mon, 18 Sep 2023 15:49:59 +0200
Subject: [PATCH 11/22] C#: Fix formatting of ExternalApi
---
 csharp/ql/src/Telemetry/ExternalApi.qll | 1 -
 1 file changed, 1 deletion(-)
diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll
index 367695243799..a7889318bc4c 100644
--- a/csharp/ql/src/Telemetry/ExternalApi.qll
+++ b/csharp/ql/src/Telemetry/ExternalApi.qll
@@ -11,7 +11,6 @@ private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlow
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
 private import semmle.code.csharp.security.dataflow.flowsources.Remote
-
 private import TestLibrary
 
 /** Holds if the given callable is not worth supporting. */
From dd7904969f02fd55abb339618e2de605d603b527 Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Tue, 19 Sep 2023 14:51:03 +0200
Subject: [PATCH 12/22] C#: Remove unnecessary isUnboundDeclaration predicates
---
 csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql | 1 -
 csharp/ql/src/utils/modeleditor/ModelEditor.qll | 3 +--
 2 files changed, 1 insertion(+), 3 deletions(-)
diff --git a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
index 2f5529a31245..c942970fa5b8 100644
--- a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
+++ b/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
@@ -12,7 +12,6 @@ private import ModelEditor
 
 class ExternalEndpoint extends Endpoint {
   ExternalEndpoint() {
-    this.isUnboundDeclaration() and
     this.fromLibrary()
   }
 }
diff --git a/csharp/ql/src/utils/modeleditor/ModelEditor.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
index 38d8b9f280e6..f91e7d8aa9cc 100644
--- a/csharp/ql/src/utils/modeleditor/ModelEditor.qll
+++ b/csharp/ql/src/utils/modeleditor/ModelEditor.qll
@@ -28,8 +28,7 @@ class Endpoint extends DotNet::Callable {
   Endpoint() {
     [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() and
     not isUninteresting(this) and
-    this.isUnboundDeclaration() and
-    this.getDeclaringType().isUnboundDeclaration()
+    this.isUnboundDeclaration()
   }
 
   /**
From 14a2b7f79f9704a18512517bd9c14f39ad64e7cf Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Tue, 19 Sep 2023 14:55:57 +0200
Subject: [PATCH 13/22] C#: Add tests for private methods and accessors
---
 .../modeleditor/FetchApplicationModeMethods.expected | 5 ++++-
 .../utils/modeleditor/FetchFrameworkModeMethods.expected | 6 +++---
 csharp/ql/test/utils/modeleditor/PublicClass.cs | 8 +++++++-
 3 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
index 87a66a7e6a13..9dcdbdf846a9 100644
--- a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
@@ -4,7 +4,10 @@
 | PublicClass.cs:19:9:19:51 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
 | PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
 | PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | source | type | source | classification |
-| PublicClass.cs:24:9:24:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:24:9:24:46 | call to method Write | System.Console#Write(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:24:23:24:45 | access to property BackgroundColor | System.Console#get_BackgroundColor() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:25:9:25:31 | access to property ForegroundColor | System.Console#set_ForegroundColor(System.ConsoleColor) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
+| PublicClass.cs:30:9:30:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
 | PublicGenericClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
 | PublicGenericClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
 | PublicGenericInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification |
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
index 0cc231e8b394..177ed1d98ec4 100644
--- a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
@@ -1,8 +1,8 @@
 | PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicClass#stuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
 | PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL.PublicClass#staticStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
-| PublicClass.cs:17:20:17:33 | nonPublicStuff | GitHub.CodeQL.PublicClass#nonPublicStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
-| PublicClass.cs:27:45:27:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | supported | PublicClass.cs | library | | type | unknown | classification |
-| PublicClass.cs:27:50:27:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:17:20:17:33 | protectedStuff | GitHub.CodeQL.PublicClass#protectedStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:33:45:33:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:33:50:33:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
 | PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
 | PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
 | PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
diff --git a/csharp/ql/test/utils/modeleditor/PublicClass.cs b/csharp/ql/test/utils/modeleditor/PublicClass.cs
index dd5383a627de..05f5c4c46097 100644
--- a/csharp/ql/test/utils/modeleditor/PublicClass.cs
+++ b/csharp/ql/test/utils/modeleditor/PublicClass.cs
@@ -14,11 +14,17 @@ public static void staticStuff(String arg)
         Console.WriteLine(arg);
     }
 
-    protected void nonPublicStuff(String arg)
+    protected void protectedStuff(String arg)
     {
         Console.WriteLine(arg + Console.ReadLine());
     }
 
+    private void privateStuff(String arg)
+    {
+        Console.Write(Console.BackgroundColor);
+        Console.ForegroundColor = ConsoleColor.Red;
+    }
+
     internal void internalStuff(String arg)
     {
         Console.WriteLine(arg);
From eace7a4bbff80f9ced9994b56a3d9408f295e56e Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Tue, 19 Sep 2023 15:49:35 +0200
Subject: [PATCH 14/22] C#: Add tests for supported framework methods
---
 .../FetchFrameworkModeMethods.expected | 4 ++++
 .../FetchFrameworkModeMethods.ext.yml | 24 +++++++++++++++++++
 .../ql/test/utils/modeleditor/PublicClass.cs | 20 ++++++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100644 csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.ext.yml
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
index 177ed1d98ec4..c1fdfc764c9d 100644
--- a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected
@@ -3,6 +3,10 @@
 | PublicClass.cs:17:20:17:33 | protectedStuff | GitHub.CodeQL.PublicClass#protectedStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
 | PublicClass.cs:33:45:33:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | supported | PublicClass.cs | library | | type | unknown | classification |
 | PublicClass.cs:33:50:33:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification |
+| PublicClass.cs:35:19:35:30 | summaryStuff | GitHub.CodeQL.PublicClass#summaryStuff(System.String) | true | supported | PublicClass.cs | library | summary | type | unknown | classification |
+| PublicClass.cs:40:19:40:29 | sourceStuff | GitHub.CodeQL.PublicClass#sourceStuff() | true | supported | PublicClass.cs | library | source | type | unknown | classification |
+| PublicClass.cs:45:17:45:25 | sinkStuff | GitHub.CodeQL.PublicClass#sinkStuff(System.String) | true | supported | PublicClass.cs | library | sink | type | unknown | classification |
+| PublicClass.cs:50:17:50:28 | neutralStuff | GitHub.CodeQL.PublicClass#neutralStuff(System.String) | true | supported | PublicClass.cs | library | neutral | type | unknown | classification |
 | PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
 | PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification |
 | PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification |
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.ext.yml b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.ext.yml
new file mode 100644
index 000000000000..f624dfea64a4
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.ext.yml
@@ -0,0 +1,24 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["GitHub.CodeQL","PublicClass",true,"sourceStuff","()","","ReturnValue","remote","manual"]
+
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+      - ["GitHub.CodeQL","PublicClass",true,"sinkStuff","(System.String)","","Argument[0]","sql-injection","manual"]
+
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+    data:
+      - ["GitHub.CodeQL","PublicClass",true,"summaryStuff","(System.String)","","Argument[0]","ReturnValue","taint","manual"]
+
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: neutralModel
+    data:
+      - ["GitHub.CodeQL","PublicClass","neutralStuff","(System.String)","summary","manual"]
diff --git a/csharp/ql/test/utils/modeleditor/PublicClass.cs b/csharp/ql/test/utils/modeleditor/PublicClass.cs
index 05f5c4c46097..bd10a76472bf 100644
--- a/csharp/ql/test/utils/modeleditor/PublicClass.cs
+++ b/csharp/ql/test/utils/modeleditor/PublicClass.cs
@@ -31,4 +31,24 @@ internal void internalStuff(String arg)
     }
 
     string PublicInterface.PublicProperty { get; set; }
+
+    public string summaryStuff(String arg)
+    {
+        return arg;
+    }
+
+    public string sourceStuff()
+    {
+        return "stuff";
+    }
+
+    public void sinkStuff(String arg)
+    {
+        // do nothing
+    }
+
+    public void neutralStuff(String arg)
+    {
+        // do nothing
+    }
 }
From 044fb9f320a0028319bf94501f9c917280c130fe Mon Sep 17 00:00:00 2001
From: Koen Vlaswinkel
Date: Tue, 19 Sep 2023 15:51:12 +0200
Subject: [PATCH 15/22] C#: Rename queries from fetch methods to endpoints
---
 ...etchApplicationModeMethods.ql => ApplicationModeEndpoints.ql} | 0
 .../{FetchFrameworkModeMethods.ql => FrameworkModeEndpoints.ql} | 0
 ...ionModeMethods.expected => ApplicationModeEndpoints.expected} | 0
 csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref | 1 +
 .../ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref | 1 -
 csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref | 1 -
 ...eworkModeMethods.expected => FrameworkModeEndpoints.expected} | 0
 ...ameworkModeMethods.ext.yml => FrameworkModeEndpoints.ext.yml} | 0
 csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref | 1 +
 9 files changed, 2 insertions(+), 2 deletions(-)
 rename csharp/ql/src/utils/modeleditor/{FetchApplicationModeMethods.ql => ApplicationModeEndpoints.ql} (100%)
 rename csharp/ql/src/utils/modeleditor/{FetchFrameworkModeMethods.ql => FrameworkModeEndpoints.ql} (100%)
 rename csharp/ql/test/utils/modeleditor/{FetchApplicationModeMethods.expected => ApplicationModeEndpoints.expected} (100%)
 create mode 100644 csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref
 delete mode 100644 csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref
 delete mode 100644 csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref
 rename csharp/ql/test/utils/modeleditor/{FetchFrameworkModeMethods.expected => FrameworkModeEndpoints.expected} (100%)
 rename csharp/ql/test/utils/modeleditor/{FetchFrameworkModeMethods.ext.yml => FrameworkModeEndpoints.ext.yml} (100%)
 create mode 100644 csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref
diff --git a/csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
similarity index 100%
rename from csharp/ql/src/utils/modeleditor/FetchApplicationModeMethods.ql
rename to csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
diff --git a/csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
similarity index 100%
rename from csharp/ql/src/utils/modeleditor/FetchFrameworkModeMethods.ql
rename to csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected
similarity index 100%
rename from csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.expected
rename to csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected
diff --git a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref
new file mode 100644
index 000000000000..4787fa5d4b2e
--- /dev/null
+++ b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.qlref
@@ -0,0 +1 @@
+utils/modeleditor/ApplicationModeEndpoints.ql
\ No newline at end of file
diff --git a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref b/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref
deleted file mode 100644
index 9d2454657314..000000000000
--- a/csharp/ql/test/utils/modeleditor/FetchApplicationModeMethods.qlref
+++ /dev/null
@@ -1 +0,0 @@
-utils/modeleditor/FetchApplicationModeMethods.ql
\ No newline at end of file
diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref b/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref
deleted file mode 100644
index 39bdee5a08d5..000000000000
--- a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.qlref
+++ /dev/null
@@ -1 +0,0 @@ -utils/modeleditor/FetchFrameworkModeMethods.ql \ No newline at end of file diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected similarity index 100% rename from csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.expected rename to csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected diff --git a/csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.ext.yml b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.ext.yml similarity index 100% rename from csharp/ql/test/utils/modeleditor/FetchFrameworkModeMethods.ext.yml rename to csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.ext.yml diff --git a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref new file mode 100644 index 000000000000..5ae87455edd6 --- /dev/null +++ b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.qlref @@ -0,0 +1 @@ +utils/modeleditor/FrameworkModeEndpoints.ql \ No newline at end of file From 3ebb9e16bed07323395109d43d892b7fd9bae001 Mon Sep 17 00:00:00 2001 From: Koen Vlaswinkel Date: Tue, 19 Sep 2023 15:54:15 +0200 Subject: [PATCH 16/22] C#: Update query id/tags and documentation --- .../utils/modeleditor/ApplicationModeEndpoints.ql | 12 +++++------- .../src/utils/modeleditor/FrameworkModeEndpoints.ql | 8 ++++---- 2 files changed, 9 insertions(+), 11 deletions(-) diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql index c942970fa5b8..c8f6347d2c3a 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql 
@@ -1,19 +1,17 @@ /** - * @name Fetch model editor methods (application mode) - * @description A list of 3rd party APIs used in the codebase. Excludes test and generated code. + * @name Fetch endpoints for use in the model editor (application mode) + * @description A list of 3rd party endpoints (methods and attributes) used in the codebase. Excludes test and generated code. * @kind problem * @problem.severity recommendation - * @id csharp/utils/modeleditor/fetch-application-mode-methods - * @tags modeleditor fetch methods application-mode + * @id csharp/utils/modeleditor/application-mode-endpoints + * @tags modeleditor endpoints application-mode */ private import csharp private import ModelEditor class ExternalEndpoint extends Endpoint { - ExternalEndpoint() { - this.fromLibrary() - } + ExternalEndpoint() { this.fromLibrary() } } private Call aUsage(ExternalEndpoint api) { result.getTarget().getUnboundDeclaration() = api } diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql index fede41907b97..125bceee641a 100644 --- a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql @@ -1,10 +1,10 @@ /** - * @name Fetch model editor methods (framework mode) - * @description A list of APIs callable by consumers. Excludes test and generated code. + * @name Fetch endpoints for use in the model editor (framework mode) + * @description A list of endpoints accessible (methods and attributes) for consumers of the library. Excludes test and generated code. * @kind problem * @problem.severity recommendation - * @id csharp/utils/modeleditor/fetch-framework-mode-methods - * @tags modeleditor fetch methods framework-mode + * @id csharp/utils/modeleditor/framework-mode-endpoints + * @tags modeleditor endpoints framework-mode */ private import csharp From 45432f211c8bfed8f9fc9f163a41647a6f5ee1fc Mon Sep 17 00:00:00 2001 
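Review bot: The new `@description` in both hunks calls the endpoints "methods and attributes", but in C# an attribute is a `[...]` annotation, while what these queries list are methods and property accessors (the `Endpoint` class elsewhere in this series is documented as "A callable method or accessor", and the expected output further down contains `access to property BackgroundColor`). Suggest `@description A list of 3rd party endpoints (methods and property accessors) used in the codebase. Excludes test and generated code.` for application mode and `@description A list of endpoints (methods and property accessors) accessible to consumers of the library. Excludes test and generated code.` for framework mode. The second hunk (FrameworkModeEndpoints.ql) has the same wording and should change together with the first.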
From: Michael Nebel Date: Wed, 20 Sep 2023 13:01:24 +0200 Subject: [PATCH 17/22] C#: Identify whether callables in the source code are supported in terms of MaD. --- .../code/csharp/dataflow/ExternalFlow.qll | 14 +++++++ .../modeleditor/ApplicationModeEndpoints.ql | 40 +++++++++++++++++++ .../modeleditor/FrameworkModeEndpoints.ql | 9 ++++- .../ql/src/utils/modeleditor/ModelEditor.qll | 40 ++----------------- 4 files changed, 65 insertions(+), 38 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll index 755b80230408..7f09f70014b7 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll @@ -418,6 +418,20 @@ Element interpretElement( ) } +/** + * A callable where there exists a MaD sink model that applies to it. + */ +class SinkCallable extends Callable { + SinkCallable() { sinkElement(this, _, _, _) } +} + +/** + * A callable where there exists a MaD source model that applies to it. + */ +class SourceCallable extends Callable { + SourceCallable() { sourceElement(this, _, _, _) } +} + cached private module Cached { /** diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql index c8f6347d2c3a..272229cbdac6 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql 
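Review bot: The QLDoc on `SinkCallable` and `SourceCallable` says a model "applies to it", but the constructors wildcard every argument of `sinkElement`/`sourceElement` except the element, so a callable qualifies as soon as any sink or source model exists for it, regardless of which argument or return position the model names and of the model kind (presumably what the wildcarded arguments encode). Since the model editor reduces this to a single "supported" flag, the doc should say so: `/** A callable for which at least one MaD sink model exists, for any sink kind and any modelled argument position. */`, and the analogous sentence for `SourceCallable`.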
@@ -8,10 +8,50 @@ */ private import csharp +private import semmle.code.csharp.dataflow.ExternalFlow +private import semmle.code.csharp.dataflow.FlowSummary +private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch +private import semmle.code.csharp.dataflow.internal.DataFlowPrivate +private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon +private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate +private import semmle.code.csharp.security.dataflow.flowsources.Remote private import ModelEditor class ExternalEndpoint extends Endpoint { ExternalEndpoint() { this.fromLibrary() } + + /** Gets a node that is an input to a call to this API. */ + private ArgumentNode getAnInput() { + result + .getCall() + .(DataFlowDispatch::NonDelegateDataFlowCall) + .getATarget(_) + .getUnboundDeclaration() = this + } + + /** Gets a node that is an output from a call to this API. */ + private DataFlow::Node getAnOutput() { + exists( + Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret + | + dc.getDispatchCall().getCall() = c and + c.getTarget().getUnboundDeclaration() = this + | + result = ret.getAnOutNode(dc) + ) + } + + override predicate hasSummary() { + this instanceof SummarizedCallable + or + defaultAdditionalTaintStep(this.getAnInput(), _) + } + + override predicate isSource() { + this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _) + } + + override predicate isSink() { sinkNode(this.getAnInput(), _) } } private Call aUsage(ExternalEndpoint api) { result.getTarget().getUnboundDeclaration() = api } diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql index 125bceee641a..381aeeafce7a 100644 --- a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql 
@@ -8,12 +8,19 @@ */ private import csharp -private import dotnet +private import semmle.code.csharp.dataflow.ExternalFlow +private import semmle.code.csharp.dataflow.FlowSummary private import semmle.code.csharp.frameworks.Test private import ModelEditor class PublicEndpointFromSource extends Endpoint { PublicEndpointFromSource() { this.fromSource() and not this.getFile() instanceof TestFile } + + override predicate hasSummary() { this instanceof SummarizedCallable } + + override predicate isSource() { this instanceof SourceCallable } + + override predicate isSink() { this instanceof SinkCallable } } from PublicEndpointFromSource endpoint, string apiName, boolean supported, string type diff --git a/csharp/ql/src/utils/modeleditor/ModelEditor.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll index f91e7d8aa9cc..11424dac83a2 100644 --- a/csharp/ql/src/utils/modeleditor/ModelEditor.qll +++ b/csharp/ql/src/utils/modeleditor/ModelEditor.qll @@ -2,16 +2,9 @@ private import csharp private import dotnet -private import semmle.code.csharp.dispatch.Dispatch -private import semmle.code.csharp.dataflow.ExternalFlow -private import semmle.code.csharp.dataflow.FlowSummary -private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon private import semmle.code.csharp.dataflow.internal.DataFlowPrivate -private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl -private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate private import semmle.code.csharp.frameworks.Test -private import semmle.code.csharp.security.dataflow.flowsources.Remote private import Telemetry.TestLibrary /** Holds if the given callable is not worth supporting. */ 
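Review bot: `hasSummary()` in `PublicEndpointFromSource` only checks `SummarizedCallable`, whereas the application-mode override in ApplicationModeEndpoints.ql (same commit) additionally counts `defaultAdditionalTaintStep(this.getAnInput(), _)`, so the `supported` column does not mean the same thing in the two modes. The difference looks deliberate — framework mode classifies declarations rather than call sites, so there are no argument nodes to inspect — but nothing in either file records it. Suggest a QLDoc on this override, e.g. `/** Holds if this API has an explicit MaD summary; generic taint steps are not consulted here because framework mode inspects declarations, not call sites. */`, or a matching remark on the application-mode override.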
@@ -69,44 +62,17 @@ class Endpoint extends DotNet::Callable { not exists(this.getDllVersion()) and result = "" } - /** Gets a node that is an input to a call to this API. */ - private ArgumentNode getAnInput() { - result - .getCall() - .(DataFlowDispatch::NonDelegateDataFlowCall) - .getATarget(_) - .getUnboundDeclaration() = this - } - - /** Gets a node that is an output from a call to this API. */ - private DataFlow::Node getAnOutput() { - exists( - Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret - | - dc.getDispatchCall().getCall() = c and - c.getTarget().getUnboundDeclaration() = this - | - result = ret.getAnOutNode(dc) - ) - } - /** Holds if this API has a supported summary. */ pragma[nomagic] - predicate hasSummary() { - this instanceof SummarizedCallable - or - defaultAdditionalTaintStep(this.getAnInput(), _) - } + abstract predicate hasSummary(); /** Holds if this API is a known source. */ pragma[nomagic] - predicate isSource() { - this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _) - } + abstract predicate isSource(); /** Holds if this API is a known sink. */ pragma[nomagic] - predicate isSink() { sinkNode(this.getAnInput(), _) } + abstract predicate isSink(); /** Holds if this API is a known neutral. */ pragma[nomagic] From 50a9219a3b2d52b0e0e3fcf20daff66aa93451d4 Mon Sep 17 00:00:00 2001 
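Review bot: Making `hasSummary`, `isSource` and `isSink` abstract turns their QLDoc into the contract every subclass must implement, yet the comments still only say "Holds if this API has a supported summary" and give an implementer nothing about what counts. Suggest extending each, e.g. `/** Holds if this API has a supported summary. Subclasses decide how this is detected, for example from MaD models of the declaration or from data-flow steps at call sites. */`, and similarly for `isSource` and `isSink`. It is also worth confirming that `pragma[nomagic]` on an abstract predicate affects the overriding implementations and not only the abstract declaration; if it does not, the pragma belongs on the overrides. The `Endpoint` class starts before this hunk.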
From: Michael Nebel Date: Wed, 20 Sep 2023 13:08:01 +0200 Subject: [PATCH 18/22] C#: Re-factor most of the logic out of the model editor query files. --- .../modeleditor/ApplicationModeEndpoints.ql | 49 ++----------------- .../ApplicationModeEndpointsQuery.qll | 46 +++++++++++++++++ .../modeleditor/FrameworkModeEndpoints.ql | 18 ++----- .../FrameworkModeEndpointsQuery.qll | 15 ++++++ 4 files changed, 67 insertions(+), 61 deletions(-) create mode 100644 csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll create mode 100644 csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql index 272229cbdac6..334c8a9a64d9 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql 
@@ -7,52 +7,9 @@ * @tags modeleditor endpoints application-mode */ -private import csharp -private import semmle.code.csharp.dataflow.ExternalFlow -private import semmle.code.csharp.dataflow.FlowSummary -private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch -private import semmle.code.csharp.dataflow.internal.DataFlowPrivate -private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon -private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate -private import semmle.code.csharp.security.dataflow.flowsources.Remote -private import ModelEditor - -class ExternalEndpoint extends Endpoint { - ExternalEndpoint() { this.fromLibrary() } - - /** Gets a node that is an input to a call to this API. */ - private ArgumentNode getAnInput() { - result - .getCall() - .(DataFlowDispatch::NonDelegateDataFlowCall) - .getATarget(_) - .getUnboundDeclaration() = this - } - - /** Gets a node that is an output from a call to this API. */ - private DataFlow::Node getAnOutput() { - exists( - Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret - | - dc.getDispatchCall().getCall() = c and - c.getTarget().getUnboundDeclaration() = this - | - result = ret.getAnOutNode(dc) - ) - } - - override predicate hasSummary() { - this instanceof SummarizedCallable - or - defaultAdditionalTaintStep(this.getAnInput(), _) - } - - override predicate isSource() { - this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _) - } - - override predicate isSink() { sinkNode(this.getAnInput(), _) } -} +import csharp +import ApplicationModeEndpointsQuery +import ModelEditor private Call aUsage(ExternalEndpoint api) { result.getTarget().getUnboundDeclaration() = api } diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll new file mode 100644 index 000000000000..9076cb87d900 
--- /dev/null
+++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll
@@ -0,0 +1,46 @@
+private import csharp
+private import semmle.code.csharp.dataflow.ExternalFlow
+private import semmle.code.csharp.dataflow.FlowSummary
+private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch
+private import semmle.code.csharp.dataflow.internal.DataFlowPrivate
+private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon
+private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
+private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import ModelEditor
+
+class ExternalEndpoint extends Endpoint {
+ ExternalEndpoint() { this.fromLibrary() }
+
+ /** Gets a node that is an input to a call to this API. */
+ private ArgumentNode getAnInput() {
+ result
+ .getCall()
+ .(DataFlowDispatch::NonDelegateDataFlowCall)
+ .getATarget(_)
+ .getUnboundDeclaration() = this
+ }
+
+ /** Gets a node that is an output from a call to this API. */
+ private DataFlow::Node getAnOutput() {
+ exists(
+ Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret
+ |
+ dc.getDispatchCall().getCall() = c and
+ c.getTarget().getUnboundDeclaration() = this
+ |
+ result = ret.getAnOutNode(dc)
+ )
+ }
+
+ override predicate hasSummary() {
+ this instanceof SummarizedCallable
+ or
+ defaultAdditionalTaintStep(this.getAnInput(), _)
+ }
+
+ override predicate isSource() {
+ this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
+ }
+
+ override predicate isSink() { sinkNode(this.getAnInput(), _) }
+}
diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
index 381aeeafce7a..71de3b55be34 100644
--- a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
+++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
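Review bot: The new library file ApplicationModeEndpointsQuery.qll starts directly with imports and has no module-level QLDoc, unlike the sibling modules in this series (ModelEditor.qll opens with "Provides classes and predicates related to handling APIs for the VS Code extension." and ExternalApi.qll with "Provides classes and predicates related to handling APIs from external libraries."). Suggest opening the file with `/** Provides classes and predicates for the application-mode model editor query: endpoints from external libraries and how they are classified as source, sink or summary. */`. FrameworkModeEndpointsQuery.qll, created in the next hunk of this commit, has the same gap and should get the analogous header.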
@@ -7,21 +7,9 @@ * @tags modeleditor endpoints framework-mode */ -private import csharp -private import semmle.code.csharp.dataflow.ExternalFlow -private import semmle.code.csharp.dataflow.FlowSummary -private import semmle.code.csharp.frameworks.Test -private import ModelEditor - -class PublicEndpointFromSource extends Endpoint { - PublicEndpointFromSource() { this.fromSource() and not this.getFile() instanceof TestFile } - - override predicate hasSummary() { this instanceof SummarizedCallable } - - override predicate isSource() { this instanceof SourceCallable } - - override predicate isSink() { this instanceof SinkCallable } -} +import csharp +import FrameworkModeEndpointsQuery +import ModelEditor from PublicEndpointFromSource endpoint, string apiName, boolean supported, string type where diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll new file mode 100644 index 000000000000..5826cac1a6e0 --- /dev/null +++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll @@ -0,0 +1,15 @@ +private import csharp +private import semmle.code.csharp.dataflow.ExternalFlow +private import semmle.code.csharp.dataflow.FlowSummary +private import semmle.code.csharp.frameworks.Test +private import ModelEditor + +class PublicEndpointFromSource extends Endpoint { + PublicEndpointFromSource() { this.fromSource() and not this.getFile() instanceof TestFile } + + override predicate hasSummary() { this instanceof SummarizedCallable } + + override predicate isSource() { this instanceof SourceCallable } + + override predicate isSink() { this instanceof SinkCallable } +} From 13dd9a6c37c62f2293e67d6b7588f5bcf2e04aa9 Mon Sep 17 00:00:00 2001 
From: Michael Nebel Date: Wed, 20 Sep 2023 13:43:38 +0200 Subject: [PATCH 19/22] C#: Address review comments. --- csharp/ql/src/Telemetry/ExternalApi.qll | 5 ++-- .../ApplicationModeEndpointsQuery.qll | 12 ++++----- .../FrameworkModeEndpointsQuery.qll | 6 ++--- .../ql/src/utils/modeleditor/ModelEditor.qll | 26 ++++++++----------- 4 files changed, 22 insertions(+), 27 deletions(-) diff --git a/csharp/ql/src/Telemetry/ExternalApi.qll b/csharp/ql/src/Telemetry/ExternalApi.qll index a7889318bc4c..0f1ec6c2931c 100644 --- a/csharp/ql/src/Telemetry/ExternalApi.qll +++ b/csharp/ql/src/Telemetry/ExternalApi.qll @@ -1,7 +1,6 @@ /** Provides classes and predicates related to handling APIs from external libraries. */ private import csharp -private import dotnet private import semmle.code.csharp.dispatch.Dispatch private import semmle.code.csharp.dataflow.ExternalFlow private import semmle.code.csharp.dataflow.FlowSummary @@ -14,7 +13,7 @@ private import semmle.code.csharp.security.dataflow.flowsources.Remote private import TestLibrary /** Holds if the given callable is not worth supporting. */ -private predicate isUninteresting(DotNet::Callable c) { +private predicate isUninteresting(Callable c) { c.getDeclaringType() instanceof TestLibrary or c.(Constructor).isParameterless() } @@ -22,7 +21,7 @@ private predicate isUninteresting(DotNet::Callable c) { /** * An external API from either the C# Standard Library or a 3rd party library. */ -class ExternalApi extends DotNet::Callable { +class ExternalApi extends Callable { ExternalApi() { this.isUnboundDeclaration() and this.fromLibrary() and diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll index 9076cb87d900..1e2c58e98932 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll 
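Review bot: Changing `ExternalApi extends DotNet::Callable` to `extends Callable` (third hunk) narrows the telemetry class from the shared .NET callable type to C#-extracted callables, a behavioural change the commit title ("Address review comments") does not mention. If `DotNet::Callable` also covered callables known only from CIL — presumably it is the common supertype of the C# and CIL callable classes, please confirm — those no longer appear in the external-API telemetry even when `fromLibrary()` holds for them. If the narrowing is intended, a sentence in the class QLDoc such as `Only callables with a C# declaration are considered; CIL-only callables are excluded.` would record it; the `isUninteresting(Callable c)` change in the second hunk is consistent with it either way. The `ExternalApi` constructor continues outside the hunk.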
@@ -1,6 +1,5 @@ private import csharp private import semmle.code.csharp.dataflow.ExternalFlow -private import semmle.code.csharp.dataflow.FlowSummary private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch private import semmle.code.csharp.dataflow.internal.DataFlowPrivate private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon @@ -8,6 +7,9 @@ private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate private import semmle.code.csharp.security.dataflow.flowsources.Remote private import ModelEditor +/** + * A class of effectively public callables in library code. + */ class ExternalEndpoint extends Endpoint { ExternalEndpoint() { this.fromLibrary() } @@ -22,18 +24,16 @@ class ExternalEndpoint extends Endpoint { /** Gets a node that is an output from a call to this API. */ private DataFlow::Node getAnOutput() { - exists( - Call c, DataFlowDispatch::NonDelegateDataFlowCall dc, DataFlowImplCommon::ReturnKindExt ret - | + exists(Call c, DataFlowDispatch::NonDelegateDataFlowCall dc | dc.getDispatchCall().getCall() = c and c.getTarget().getUnboundDeclaration() = this | - result = ret.getAnOutNode(dc) + result = DataFlowDispatch::getAnOutNode(dc, _) ) } override predicate hasSummary() { - this instanceof SummarizedCallable + Endpoint.super.hasSummary() or defaultAdditionalTaintStep(this.getAnInput(), _) } diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll index 5826cac1a6e0..b83060ed17f8 100644 --- a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll +++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll 
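Review bot: In the rewritten `getAnOutput()` (third hunk), the existential `Call c` is now only an alias that connects `dc` to `this`, so the three-part `exists(... | ... | ...)` can collapse into one navigation chain: `exists(DataFlowDispatch::NonDelegateDataFlowCall dc | dc.getDispatchCall().getCall().getTarget().getUnboundDeclaration() = this | result = DataFlowDispatch::getAnOutNode(dc, _))`. That mirrors how `getAnInput()` just above is written as a single chain. Behaviour is unchanged; it only removes the variable that dropping `ret` made redundant.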
@@ -1,14 +1,14 @@ private import csharp private import semmle.code.csharp.dataflow.ExternalFlow -private import semmle.code.csharp.dataflow.FlowSummary private import semmle.code.csharp.frameworks.Test private import ModelEditor +/** + * A class of effectively public callables from source code. + */ class PublicEndpointFromSource extends Endpoint { PublicEndpointFromSource() { this.fromSource() and not this.getFile() instanceof TestFile } - override predicate hasSummary() { this instanceof SummarizedCallable } - override predicate isSource() { this instanceof SourceCallable } override predicate isSink() { this instanceof SinkCallable } diff --git a/csharp/ql/src/utils/modeleditor/ModelEditor.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll index 11424dac83a2..1b34b8e2e912 100644 --- a/csharp/ql/src/utils/modeleditor/ModelEditor.qll +++ b/csharp/ql/src/utils/modeleditor/ModelEditor.qll @@ -1,14 +1,14 @@ /** Provides classes and predicates related to handling APIs for the VS Code extension. */ private import csharp -private import dotnet +private import semmle.code.csharp.dataflow.FlowSummary private import semmle.code.csharp.dataflow.internal.DataFlowPrivate private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl private import semmle.code.csharp.frameworks.Test private import Telemetry.TestLibrary /** Holds if the given callable is not worth supporting. */ -private predicate isUninteresting(DotNet::Callable c) { +private predicate isUninteresting(Callable c) { c.getDeclaringType() instanceof TestLibrary or c.(Constructor).isParameterless() or c.getDeclaringType() instanceof AnonymousClass 
@@ -17,7 +17,7 @@ private predicate isUninteresting(DotNet::Callable c) { /** * A callable method or accessor from either the C# Standard Library, a 3rd party library, or from the source. */ -class Endpoint extends DotNet::Callable { +class Endpoint extends Callable { Endpoint() { [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() and not isUninteresting(this) and @@ -64,7 +64,7 @@ class Endpoint extends DotNet::Callable { /** Holds if this API has a supported summary. */ pragma[nomagic] - abstract predicate hasSummary(); + predicate hasSummary() { this instanceof SummarizedCallable } /** Holds if this API is a known source. */ pragma[nomagic] @@ -88,10 +88,7 @@ class Endpoint extends DotNet::Callable { } boolean isSupported(Endpoint endpoint) { - endpoint.isSupported() and result = true - or - not endpoint.isSupported() and - result = false + if endpoint.isSupported() then result = true else result = false } string supportedType(Endpoint endpoint) { @@ -114,16 +111,15 @@ string methodClassification(Call method) { } /** - * Gets the nested name of the declaration. + * Gets the nested name of the type `t`. * - * If the declaration is not a nested type, the result is the same as `getName()`. + * If the type is not a nested type, the result is the same as `getName()`. * Otherwise the name of the nested type is prefixed with a `+` and appended to * the name of the enclosing type, which might be a nested type as well. */ -private string nestedName(Declaration declaration) { - not exists(declaration.getDeclaringType().getUnboundDeclaration()) and - result = declaration.getName() +private string nestedName(Type t) { + not exists(t.getDeclaringType().getUnboundDeclaration()) and + result = t.getName() or - nestedName(declaration.getDeclaringType().getUnboundDeclaration()) + "+" + declaration.getName() = - result + nestedName(t.getDeclaringType().getUnboundDeclaration()) + "+" + t.getName() = result } 
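Review bot: `isSupported(Endpoint endpoint)` in the third hunk is rewritten but stays an exported library predicate without QLDoc, as does `supportedType(Endpoint endpoint)` in the context right below it, while the other exported members in this file carry one. Suggest `/** Gets `true` if `endpoint.isSupported()` holds and `false` otherwise. */` above `boolean isSupported`, and a one-line summary for `supportedType` describing the string it yields (its body is outside the hunk, so the wording has to come from there). The `if ... then ... else` form is the right replacement for the two-branch disjunction.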
From 0fea21f3e7de59676bb512e9529b20280a1a521c Mon Sep 17 00:00:00 2001 From: Koen Vlaswinkel Date: Fri, 22 Sep 2023 16:35:15 +0200 Subject: [PATCH 20/22] C#: Remove unnecessary columns --- .../modeleditor/ApplicationModeEndpoints.ql | 6 ++-- .../modeleditor/FrameworkModeEndpoints.ql | 6 ++-- .../ApplicationModeEndpoints.expected | 28 +++++++-------- .../FrameworkModeEndpoints.expected | 36 +++++++++---------- 4 files changed, 36 insertions(+), 40 deletions(-) diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql index 334c8a9a64d9..ad40ebe91c41 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql @@ -1,8 +1,7 @@ /** * @name Fetch endpoints for use in the model editor (application mode) * @description A list of 3rd party endpoints (methods and attributes) used in the codebase. Excludes test and generated code. - * @kind problem - * @problem.severity recommendation + * @kind table * @id csharp/utils/modeleditor/application-mode-endpoints * @tags modeleditor endpoints application-mode */ @@ -22,5 +21,4 @@ where usage = aUsage(endpoint) and type = supportedType(endpoint) and classification = methodClassification(usage) -select usage, apiName, supported.toString(), "supported", endpoint.dllName(), endpoint.dllVersion(), - type, "type", classification, "classification" +select usage, apiName, supported, endpoint.dllName(), endpoint.dllVersion(), type, classification diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql index 71de3b55be34..5924fb2526f4 100644 --- a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql 
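Review bot: With `@kind table` the result columns can be addressed by name, but the new `select` leaves `endpoint.dllName()`, `endpoint.dllVersion()` and (in FrameworkModeEndpoints.ql, next hunk) `endpoint.getFile().getBaseName()` as unnamed expression columns, so a consumer of the table can only pick them up positionally. Naming them with `as` keeps the table self-describing and makes later column reordering safe: `select usage, apiName, supported, endpoint.dllName() as libraryName, endpoint.dllVersion() as libraryVersion, type, classification`, and in framework mode `endpoint.getFile().getBaseName() as libraryName`. Dropping the constant label columns ("supported", "type", "classification") is a good simplification; naming the remaining expression columns completes it.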
@@ -1,8 +1,7 @@ /** * @name Fetch endpoints for use in the model editor (framework mode) * @description A list of endpoints accessible (methods and attributes) for consumers of the library. Excludes test and generated code. - * @kind problem - * @problem.severity recommendation + * @kind table * @id csharp/utils/modeleditor/framework-mode-endpoints * @tags modeleditor endpoints framework-mode */ @@ -16,5 +15,4 @@ where apiName = endpoint.getApiName() and supported = isSupported(endpoint) and type = supportedType(endpoint) -select endpoint, apiName, supported.toString(), "supported", endpoint.getFile().getBaseName(), - "library", type, "type", "unknown", "classification" +select endpoint, apiName, supported, endpoint.getFile().getBaseName(), type diff --git a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected index 9dcdbdf846a9..7093e608799b 100644 --- a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected +++ b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected 
@@ -1,14 +1,14 @@ -| NonPublicClass.cs:9:9:9:31 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:19:9:19:51 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | supported | System.Console | 7.0.0.0 | source | type | source | classification | -| PublicClass.cs:24:9:24:46 | call to method Write | System.Console#Write(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:24:23:24:45 | access to property BackgroundColor | System.Console#get_BackgroundColor() | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:25:9:25:31 | access to property ForegroundColor | System.Console#set_ForegroundColor(System.ConsoleColor) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicClass.cs:30:9:30:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicGenericClass.cs:9:9:9:30 | call to method WriteLine | 
System.Console#WriteLine(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicGenericClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicGenericInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | -| PublicInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | supported | System.Console | 7.0.0.0 | neutral | type | source | classification | +| NonPublicClass.cs:9:9:9:31 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:19:9:19:51 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | System.Console | 7.0.0.0 | source | source | +| PublicClass.cs:24:9:24:46 | call to method Write | System.Console#Write(System.Object) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:24:23:24:45 | access to property BackgroundColor | System.Console#get_BackgroundColor() | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:25:9:25:31 | access to property ForegroundColor | 
System.Console#set_ForegroundColor(System.ConsoleColor) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:30:9:30:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicGenericClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicGenericClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicGenericInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| PublicInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | diff --git a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected index c1fdfc764c9d..da8a871266c7 100644 --- a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected +++ b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected 
@@ -1,18 +1,18 @@ -| PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicClass#stuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification | -| PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL.PublicClass#staticStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification | -| PublicClass.cs:17:20:17:33 | protectedStuff | GitHub.CodeQL.PublicClass#protectedStuff(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification | -| PublicClass.cs:33:45:33:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | supported | PublicClass.cs | library | | type | unknown | classification | -| PublicClass.cs:33:50:33:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | supported | PublicClass.cs | library | | type | unknown | classification | -| PublicClass.cs:35:19:35:30 | summaryStuff | GitHub.CodeQL.PublicClass#summaryStuff(System.String) | true | supported | PublicClass.cs | library | summary | type | unknown | classification | -| PublicClass.cs:40:19:40:29 | sourceStuff | GitHub.CodeQL.PublicClass#sourceStuff() | true | supported | PublicClass.cs | library | source | type | unknown | classification | -| PublicClass.cs:45:17:45:25 | sinkStuff | GitHub.CodeQL.PublicClass#sinkStuff(System.String) | true | supported | PublicClass.cs | library | sink | type | unknown | classification | -| PublicClass.cs:50:17:50:28 | neutralStuff | GitHub.CodeQL.PublicClass#neutralStuff(System.String) | true | supported | PublicClass.cs | library | neutral | type | unknown | classification | -| PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | supported | PublicGenericClass.cs | library | | type | unknown | classification | -| PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | supported | 
PublicGenericClass.cs | library | | type | unknown | classification | -| PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification | -| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification | -| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | supported | PublicGenericInterface.cs | library | | type | unknown | classification | -| PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification | -| PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL.PublicInterface#get_PublicProperty() | false | supported | PublicInterface.cs | library | | type | unknown | classification | -| PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL.PublicInterface#set_PublicProperty(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification | -| PublicInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicInterface#staticStuff(System.String) | false | supported | PublicInterface.cs | library | | type | unknown | classification | +| PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicClass#stuff(System.String) | false | PublicClass.cs | | +| PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL.PublicClass#staticStuff(System.String) | false | PublicClass.cs | | +| PublicClass.cs:17:20:17:33 | protectedStuff | GitHub.CodeQL.PublicClass#protectedStuff(System.String) | false | PublicClass.cs | | +| PublicClass.cs:33:45:33:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | PublicClass.cs | | +| PublicClass.cs:33:50:33:52 | 
set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | PublicClass.cs | | +| PublicClass.cs:35:19:35:30 | summaryStuff | GitHub.CodeQL.PublicClass#summaryStuff(System.String) | true | PublicClass.cs | summary | +| PublicClass.cs:40:19:40:29 | sourceStuff | GitHub.CodeQL.PublicClass#sourceStuff() | true | PublicClass.cs | source | +| PublicClass.cs:45:17:45:25 | sinkStuff | GitHub.CodeQL.PublicClass#sinkStuff(System.String) | true | PublicClass.cs | sink | +| PublicClass.cs:50:17:50:28 | neutralStuff | GitHub.CodeQL.PublicClass#neutralStuff(System.String) | true | PublicClass.cs | neutral | +| PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | PublicGenericClass.cs | | +| PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | PublicGenericClass.cs | | +| PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | PublicGenericInterface.cs | | +| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | PublicGenericInterface.cs | | +| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | PublicGenericInterface.cs | | +| PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | PublicInterface.cs | | +| PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL.PublicInterface#get_PublicProperty() | false | PublicInterface.cs | | +| PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL.PublicInterface#set_PublicProperty(System.String) | false | PublicInterface.cs | | +| PublicInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicInterface#staticStuff(System.String) | false | PublicInterface.cs | | From dc6def79d08645c486c1f1f4ca2a04c076af156e Mon Sep 17 00:00:00 2001 
From: Koen Vlaswinkel Date: Mon, 25 Sep 2023 10:02:34 +0200 Subject: [PATCH 21/22] C#: Split API name column into separate columns --- .../modeleditor/ApplicationModeEndpoints.ql | 9 +++-- .../modeleditor/FrameworkModeEndpoints.ql | 6 ++-- .../ql/src/utils/modeleditor/ModelEditor.qll | 16 ++++----- .../ApplicationModeEndpoints.expected | 28 +++++++-------- .../FrameworkModeEndpoints.expected | 36 +++++++++---------- 5 files changed, 45 insertions(+), 50 deletions(-) diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql index ad40ebe91c41..8ddd82a8d1d5 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql @@ -12,13 +12,12 @@ import ModelEditor private Call aUsage(ExternalEndpoint api) { result.getTarget().getUnboundDeclaration() = api } -from - ExternalEndpoint endpoint, string apiName, boolean supported, Call usage, string type, - string classification +from ExternalEndpoint endpoint, boolean supported, Call usage, string type, string classification where - apiName = endpoint.getApiName() and supported = isSupported(endpoint) and usage = aUsage(endpoint) and type = supportedType(endpoint) and classification = methodClassification(usage) -select usage, apiName, supported, endpoint.dllName(), endpoint.dllVersion(), type, classification +select usage, endpoint.getNamespace(), endpoint.getTypeName(), endpoint.getName(), + endpoint.getParameterTypes(), supported, endpoint.dllName(), endpoint.dllVersion(), type, + classification diff --git a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql index 5924fb2526f4..913588872d55 100644 --- a/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql +++ b/csharp/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql 
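Review bot: The new `select` in ApplicationModeEndpoints.ql emits ten positional columns (usage, namespace, type name, name, parameter types, supported, dll name, dll version, type, classification) and nothing in the query records that order, so the only place it is spelled out is the `.expected` files. Since these columns are presumably read by position on the VS Code extension side, a reordering would break the consumer silently while the query itself still compiles and passes its own tests. I would add a comment directly above the `select`, e.g. `// Column order is part of the contract with the VS Code model editor; change it only together with the extension.`, and the same comment in FrameworkModeEndpoints.ql, whose `select` in the next hunk gains the same four split columns. The query metadata at the top of the file lies outside this hunk, so the column list could alternatively live there.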
@@ -10,9 +10,9 @@ import csharp import FrameworkModeEndpointsQuery import ModelEditor -from PublicEndpointFromSource endpoint, string apiName, boolean supported, string type +from PublicEndpointFromSource endpoint, boolean supported, string type where - apiName = endpoint.getApiName() and supported = isSupported(endpoint) and type = supportedType(endpoint) -select endpoint, apiName, supported, endpoint.getFile().getBaseName(), type +select endpoint, endpoint.getNamespace(), endpoint.getTypeName(), endpoint.getName(), + endpoint.getParameterTypes(), supported, endpoint.getFile().getBaseName(), type diff --git a/csharp/ql/src/utils/modeleditor/ModelEditor.qll b/csharp/ql/src/utils/modeleditor/ModelEditor.qll index 1b34b8e2e912..e7557c9ca871 100644 --- a/csharp/ql/src/utils/modeleditor/ModelEditor.qll +++ b/csharp/ql/src/utils/modeleditor/ModelEditor.qll @@ -25,26 +25,22 @@ class Endpoint extends Callable { } /** - * Gets the unbound type, name and parameter types of this API. + * Gets the namespace of this endpoint. */ bindingset[this] - private string getSignature() { - result = - nestedName(this.getDeclaringType().getUnboundDeclaration()) + "#" + this.getName() + "(" + - parameterQualifiedTypeNamesToString(this) + ")" - } + string getNamespace() { this.getDeclaringType().hasQualifiedName(result, _) } /** - * Gets the namespace of this API. + * Gets the unbound type name of this endpoint. */ bindingset[this] - string getNamespace() { this.getDeclaringType().hasQualifiedName(result, _) } + string getTypeName() { result = nestedName(this.getDeclaringType().getUnboundDeclaration()) } /** - * Gets the namespace and signature of this API. + * Gets the parameter types of this endpoint. */ bindingset[this] - string getApiName() { result = this.getNamespace() + "." + this.getSignature() } + string getParameterTypes() { result = parameterQualifiedTypeNamesToString(this) } private string getDllName() { result = this.getLocation().(Assembly).getName() } 
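Review bot: In ModelEditor.qll the new `getParameterTypes()` returns `parameterQualifiedTypeNamesToString(this)`, which the updated `.expected` rows show is the empty string for parameterless callables (`ReadLine | |`, `get_PublicProperty | |`), so in the output an endpoint with no parameters is indistinguishable from a column that failed to bind; the QLDoc should state this explicitly, e.g. `Gets the qualified parameter types of this endpoint, or the empty string if it has no parameters.`. Likewise `getTypeName()` is documented only as "the unbound type name", while the expected rows show it carries the generic arity marker (`PublicGenericClass<,>`, `PublicGenericInterface<>`); a sentence such as `Generic types include their arity marker, e.g. `Foo<,>`.` would save the consumer from guessing the format. The enclosing `class Endpoint extends Callable` starts before this hunk and continues after it, so I have only inferred the remaining members from the context lines.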
diff --git a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected index 7093e608799b..2e6b25903410 100644 --- a/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected +++ b/csharp/ql/test/utils/modeleditor/ApplicationModeEndpoints.expected 
@@ -1,14 +1,14 @@ -| NonPublicClass.cs:9:9:9:31 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:19:9:19:51 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:19:33:19:50 | call to method ReadLine | System.Console#ReadLine() | true | System.Console | 7.0.0.0 | source | source | -| PublicClass.cs:24:9:24:46 | call to method Write | System.Console#Write(System.Object) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:24:23:24:45 | access to property BackgroundColor | System.Console#get_BackgroundColor() | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:25:9:25:31 | access to property ForegroundColor | System.Console#set_ForegroundColor(System.ConsoleColor) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicClass.cs:30:9:30:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicGenericClass.cs:9:9:9:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicGenericClass.cs:14:9:14:30 | call to method WriteLine | System.Console#WriteLine(System.Object) | true | System.Console | 7.0.0.0 | neutral | source | -| PublicGenericInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 
7.0.0.0 | neutral | source | -| PublicInterface.cs:13:9:13:30 | call to method WriteLine | System.Console#WriteLine(System.String) | true | System.Console | 7.0.0.0 | neutral | source | +| NonPublicClass.cs:9:9:9:31 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:9:9:9:30 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:14:9:14:30 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:19:9:19:51 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:19:33:19:50 | call to method ReadLine | System | Console | ReadLine | | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:19:33:19:50 | call to method ReadLine | System | Console | ReadLine | | true | System.Console | 7.0.0.0 | source | source | +| PublicClass.cs:24:9:24:46 | call to method Write | System | Console | Write | System.Object | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:24:23:24:45 | access to property BackgroundColor | System | Console | get_BackgroundColor | | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:25:9:25:31 | access to property ForegroundColor | System | Console | set_ForegroundColor | System.ConsoleColor | true | System.Console | 7.0.0.0 | neutral | source | +| PublicClass.cs:30:9:30:30 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | +| PublicGenericClass.cs:9:9:9:30 | call to method WriteLine | System | Console | WriteLine | System.Object | true | System.Console | 7.0.0.0 | neutral | source | +| PublicGenericClass.cs:14:9:14:30 | call to method WriteLine | System | 
Console | WriteLine | System.Object | true | System.Console | 7.0.0.0 | neutral | source | +| PublicGenericInterface.cs:13:9:13:30 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | +| PublicInterface.cs:13:9:13:30 | call to method WriteLine | System | Console | WriteLine | System.String | true | System.Console | 7.0.0.0 | neutral | source | diff --git a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected index da8a871266c7..6a46410d0a98 100644 --- a/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected +++ b/csharp/ql/test/utils/modeleditor/FrameworkModeEndpoints.expected 
@@ -1,18 +1,18 @@ -| PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicClass#stuff(System.String) | false | PublicClass.cs | | -| PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL.PublicClass#staticStuff(System.String) | false | PublicClass.cs | | -| PublicClass.cs:17:20:17:33 | protectedStuff | GitHub.CodeQL.PublicClass#protectedStuff(System.String) | false | PublicClass.cs | | -| PublicClass.cs:33:45:33:47 | get_PublicProperty | GitHub.CodeQL.PublicClass#get_PublicProperty() | false | PublicClass.cs | | -| PublicClass.cs:33:50:33:52 | set_PublicProperty | GitHub.CodeQL.PublicClass#set_PublicProperty(System.String) | false | PublicClass.cs | | -| PublicClass.cs:35:19:35:30 | summaryStuff | GitHub.CodeQL.PublicClass#summaryStuff(System.String) | true | PublicClass.cs | summary | -| PublicClass.cs:40:19:40:29 | sourceStuff | GitHub.CodeQL.PublicClass#sourceStuff() | true | PublicClass.cs | source | -| PublicClass.cs:45:17:45:25 | sinkStuff | GitHub.CodeQL.PublicClass#sinkStuff(System.String) | true | PublicClass.cs | sink | -| PublicClass.cs:50:17:50:28 | neutralStuff | GitHub.CodeQL.PublicClass#neutralStuff(System.String) | true | PublicClass.cs | neutral | -| PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL.PublicGenericClass<,>#stuff(T) | false | PublicGenericClass.cs | | -| PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL.PublicGenericClass<,>#stuff2<>(T2) | false | PublicGenericClass.cs | | -| PublicGenericInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicGenericInterface<>#stuff(T) | false | PublicGenericInterface.cs | | -| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL.PublicGenericInterface<>#stuff2<>(T2) | false | PublicGenericInterface.cs | | -| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicGenericInterface<>#staticStuff(System.String) | false | PublicGenericInterface.cs | | -| PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL.PublicInterface#stuff(System.String) | false | 
PublicInterface.cs | | -| PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL.PublicInterface#get_PublicProperty() | false | PublicInterface.cs | | -| PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL.PublicInterface#set_PublicProperty(System.String) | false | PublicInterface.cs | | -| PublicInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL.PublicInterface#staticStuff(System.String) | false | PublicInterface.cs | | +| PublicClass.cs:7:17:7:21 | stuff | GitHub.CodeQL | PublicClass | stuff | System.String | false | PublicClass.cs | | +| PublicClass.cs:12:24:12:34 | staticStuff | GitHub.CodeQL | PublicClass | staticStuff | System.String | false | PublicClass.cs | | +| PublicClass.cs:17:20:17:33 | protectedStuff | GitHub.CodeQL | PublicClass | protectedStuff | System.String | false | PublicClass.cs | | +| PublicClass.cs:33:45:33:47 | get_PublicProperty | GitHub.CodeQL | PublicClass | get_PublicProperty | | false | PublicClass.cs | | +| PublicClass.cs:33:50:33:52 | set_PublicProperty | GitHub.CodeQL | PublicClass | set_PublicProperty | System.String | false | PublicClass.cs | | +| PublicClass.cs:35:19:35:30 | summaryStuff | GitHub.CodeQL | PublicClass | summaryStuff | System.String | true | PublicClass.cs | summary | +| PublicClass.cs:40:19:40:29 | sourceStuff | GitHub.CodeQL | PublicClass | sourceStuff | | true | PublicClass.cs | source | +| PublicClass.cs:45:17:45:25 | sinkStuff | GitHub.CodeQL | PublicClass | sinkStuff | System.String | true | PublicClass.cs | sink | +| PublicClass.cs:50:17:50:28 | neutralStuff | GitHub.CodeQL | PublicClass | neutralStuff | System.String | true | PublicClass.cs | neutral | +| PublicGenericClass.cs:7:17:7:21 | stuff | GitHub.CodeQL | PublicGenericClass<,> | stuff | T | false | PublicGenericClass.cs | | +| PublicGenericClass.cs:12:17:12:26 | stuff2<> | GitHub.CodeQL | PublicGenericClass<,> | stuff2<> | T2 | false | PublicGenericClass.cs | | +| PublicGenericInterface.cs:7:10:7:14 | stuff | 
GitHub.CodeQL | PublicGenericInterface<> | stuff | T | false | PublicGenericInterface.cs | | +| PublicGenericInterface.cs:9:10:9:19 | stuff2<> | GitHub.CodeQL | PublicGenericInterface<> | stuff2<> | T2 | false | PublicGenericInterface.cs | | +| PublicGenericInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL | PublicGenericInterface<> | staticStuff | System.String | false | PublicGenericInterface.cs | | +| PublicInterface.cs:7:10:7:14 | stuff | GitHub.CodeQL | PublicInterface | stuff | System.String | false | PublicInterface.cs | | +| PublicInterface.cs:9:29:9:31 | get_PublicProperty | GitHub.CodeQL | PublicInterface | get_PublicProperty | | false | PublicInterface.cs | | +| PublicInterface.cs:9:34:9:36 | set_PublicProperty | GitHub.CodeQL | PublicInterface | set_PublicProperty | System.String | false | PublicInterface.cs | | +| PublicInterface.cs:11:17:11:27 | staticStuff | GitHub.CodeQL | PublicInterface | staticStuff | System.String | false | PublicInterface.cs | | From 922ff7bb100188641bd01c79a91fb8b2902f3de0 Mon Sep 17 00:00:00 2001 From: Koen Vlaswinkel Date: Mon, 25 Sep 2023 10:03:18 +0200 Subject: [PATCH 22/22] C#: Remove unnecessary import --- .../ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll | 1 - 1 file changed, 1 deletion(-) diff --git a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll index 1e2c58e98932..74677778a7c1 100644 --- a/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll +++ b/csharp/ql/src/utils/modeleditor/ApplicationModeEndpointsQuery.qll 
@@ -2,7 +2,6 @@ private import csharp private import semmle.code.csharp.dataflow.ExternalFlow private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlowDispatch private import semmle.code.csharp.dataflow.internal.DataFlowPrivate -private import semmle.code.csharp.dataflow.internal.DataFlowImplCommon as DataFlowImplCommon private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate private import semmle.code.csharp.security.dataflow.flowsources.Remote private import ModelEditor