Merge pull request #7389 from michaelnebel/csharp-mad-io

michaelnebel · web-flow · commit c5728b295156 · 2021-12-14T15:49:08.000+01:00
C#: Convert flow summaries to CSV for System.IO.*
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -99,6 +99,7 @@ private module Frameworks {
   private import semmle.code.csharp.frameworks.system.web.ui.WebControls
   private import semmle.code.csharp.frameworks.JsonNET
   private import semmle.code.csharp.frameworks.system.IO
+  private import semmle.code.csharp.frameworks.system.io.Compression
 }
 
 /**
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
@@ -6,8 +6,6 @@ import csharp
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.Collections
 private import semmle.code.csharp.frameworks.system.collections.Generic
-private import semmle.code.csharp.frameworks.system.IO
-private import semmle.code.csharp.frameworks.system.io.Compression
 private import semmle.code.csharp.frameworks.system.linq.Expressions
 private import semmle.code.csharp.frameworks.system.Net
 private import semmle.code.csharp.frameworks.system.Text
@@ -1779,74 +1777,6 @@ library class SystemTextEncodingFlow extends LibraryTypeDataFlow, SystemTextEnco
   }
 }
 
-/** Data flow for `System.IO.MemoryStream`. */
-library class SystemIOMemoryStreamFlow extends LibraryTypeDataFlow, SystemIOMemoryStreamClass {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    (
-      this.constructorFlow(source, sink, c)
-      or
-      c = this.getToArrayMethod().getAnOverrider*() and
-      source = TCallableFlowSourceQualifier() and
-      sink = TCallableFlowSinkReturn()
-    ) and
-    preservesValue = false
-  }
-
-  private predicate constructorFlow(CallableFlowSource source, CallableFlowSink sink, Constructor c) {
-    c = this.getAMember() and
-    c.getParameter(0).getType().(ArrayType).getElementType() instanceof ByteType and
-    source = TCallableFlowSourceArg(0) and
-    sink = TCallableFlowSinkReturn()
-  }
-}
-
-/** Data flow for `System.IO.Stream`. */
-class SystemIOStreamFlow extends LibraryTypeDataFlow, SystemIOStreamClass {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    (
-      c = this.getAReadMethod().getAnOverrider*() and
-      c.getParameter(0).getType().(ArrayType).getElementType() instanceof ByteType and
-      sink = TCallableFlowSinkArg(0) and
-      source = TCallableFlowSourceQualifier()
-      or
-      c = this.getAWriteMethod().getAnOverrider*() and
-      c.getParameter(0).getType().(ArrayType).getElementType() instanceof ByteType and
-      source = TCallableFlowSourceArg(0) and
-      sink = TCallableFlowSinkQualifier()
-      or
-      c = any(Method m | m = this.getAMethod() and m.getName().matches("CopyTo%")).getAnOverrider*() and
-      c.getParameter(0).getType() instanceof SystemIOStreamClass and
-      source = TCallableFlowSourceQualifier() and
-      sink = TCallableFlowSinkArg(0)
-    ) and
-    preservesValue = false
-  }
-}
-
-/** Data flow for `System.IO.Compression.DeflateStream`. */
-class SystemIOCompressionDeflateStreamFlow extends LibraryTypeDataFlow,
-  SystemIOCompressionDeflateStream {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    this.constructorFlow(source, sink, c) and
-    preservesValue = false
-  }
-
-  private predicate constructorFlow(CallableFlowSource source, CallableFlowSink sink, Constructor c) {
-    c = this.getAMember() and
-    source = TCallableFlowSourceArg(0) and
-    sink = TCallableFlowSinkReturn()
-  }
-}
-
 /** Data flow for `System.Xml.XmlReader`. */
 class SystemXmlXmlReaderFlow extends LibraryTypeDataFlow, SystemXmlXmlReaderClass {
   override predicate callableFlow(
@@ -1908,31 +1838,6 @@ class SystemXmlXmlNamedNodeMapFlow extends LibraryTypeDataFlow, SystemXmlXmlName
   }
 }
 
-/** Data flow for `System.IO.Path`. */
-class SystemIOPathFlow extends LibraryTypeDataFlow, SystemIOPathClass {
-  override predicate callableFlow(
-    CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp,
-    SourceDeclarationCallable c, boolean preservesValue
-  ) {
-    c = this.getAMethod("Combine") and
-    source = getFlowSourceArg(c, _, sourceAp) and
-    sink = TCallableFlowSinkReturn() and
-    sinkAp = AccessPath::empty() and
-    preservesValue = false
-    or
-    exists(Parameter p |
-      c = this.getAMethod() and
-      c.getName().matches("Get%") and
-      p = c.getAParameter() and
-      p.hasName("path") and
-      source = getFlowSourceArg(c, p.getPosition(), sourceAp) and
-      sink = TCallableFlowSinkReturn() and
-      sinkAp = AccessPath::empty() and
-      preservesValue = false
-    )
-  }
-}
-
 /**
  * Custom flow through `StringValues` library class.
  */
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/IO.qll
@@ -42,6 +42,38 @@ class SystemIOPathClass extends SystemIOClass {
   SystemIOPathClass() { this.hasName("Path") }
 }
 
+/** Data flow for `System.IO.Path`. */
+private class SystemIOPathFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.IO;Path;false;Combine;(System.String,System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String);;Argument[1];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String);;Argument[1];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String);;Argument[2];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String,System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String,System.String);;Argument[1];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String,System.String);;Argument[2];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String,System.String,System.String,System.String);;Argument[3];ReturnValue;taint",
+        "System.IO;Path;false;Combine;(System.String[]);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetDirectoryName;(System.ReadOnlySpan<System.Char>);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetDirectoryName;(System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetExtension;(System.ReadOnlySpan<System.Char>);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetExtension;(System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetFileName;(System.ReadOnlySpan<System.Char>);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetFileName;(System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetFileNameWithoutExtension;(System.ReadOnlySpan<System.Char>);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetFileNameWithoutExtension;(System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetFullPath;(System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetFullPath;(System.String,System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetPathRoot;(System.ReadOnlySpan<System.Char>);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetPathRoot;(System.String);;Argument[0];ReturnValue;taint",
+        "System.IO;Path;false;GetRelativePath;(System.String,System.String);;Argument[1];ReturnValue;taint"
+      ]
+  }
+}
+
 /** Data flow for `System.IO.TextReader`. */
 private class SystemIOTextReaderFlowModelCsv extends SummaryModelCsv {
   override predicate row(string row) {
@@ -112,6 +144,29 @@ class SystemIOStreamClass extends SystemIOClass {
   }
 }
 
+/** Data flow for `System.IO.Stream`. */
+private class SystemIOStreamFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.IO;Stream;false;CopyTo;(System.IO.Stream);;Argument[-1];Argument[0];taint",
+        "System.IO;Stream;false;CopyToAsync;(System.IO.Stream);;Argument[-1];Argument[0];taint",
+        "System.IO;Stream;false;CopyToAsync;(System.IO.Stream,System.Int32);;Argument[-1];Argument[0];taint",
+        "System.IO;Stream;false;CopyToAsync;(System.IO.Stream,System.Threading.CancellationToken);;Argument[-1];Argument[0];taint",
+        "System.IO;Stream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32);;Argument[-1];Element of Argument[0];taint",
+        "System.IO;Stream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];Argument[-1];taint",
+        "System.IO;Stream;true;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[-1];Element of Argument[0];taint",
+        "System.IO;Stream;true;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Element of Argument[0];Argument[-1];taint",
+        "System.IO;Stream;true;CopyTo;(System.IO.Stream,System.Int32);;Argument[-1];Argument[0];taint",
+        "System.IO;Stream;true;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[-1];Argument[0];taint",
+        "System.IO;Stream;true;Read;(System.Byte[],System.Int32,System.Int32);;Argument[-1];Element of Argument[0];taint",
+        "System.IO;Stream;true;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[-1];Element of Argument[0];taint",
+        "System.IO;Stream;true;Write;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];Argument[-1];taint",
+        "System.IO;Stream;true;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Element of Argument[0];Argument[-1];taint"
+      ]
+  }
+}
+
 /** The `System.IO.MemoryStream` class. */
 class SystemIOMemoryStreamClass extends SystemIOClass {
   SystemIOMemoryStreamClass() { this.hasName("MemoryStream") }
@@ -122,3 +177,17 @@ class SystemIOMemoryStreamClass extends SystemIOClass {
     result.hasName("ToArray")
   }
 }
+
+private class SystemIOMemoryStreamFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.IO;MemoryStream;false;MemoryStream;(System.Byte[]);;Argument[0];ReturnValue;taint",
+        "System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Boolean);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean,System.Boolean);;Element of Argument[0];ReturnValue;taint",
+        "System.IO;MemoryStream;false;ToArray;();;Argument[-1];ReturnValue;taint"
+      ]
+  }
+}
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/system/io/Compression.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/system/io/Compression.qll
@@ -2,6 +2,7 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.IO
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.IO.Compression` namespace. */
 class SystemIOCompressionNamespace extends Namespace {
@@ -20,3 +21,16 @@ class SystemIOCompressionClass extends Class {
 class SystemIOCompressionDeflateStream extends SystemIOCompressionClass {
   SystemIOCompressionDeflateStream() { this.hasName("DeflateStream") }
 }
+
+/** Data flow for `System.IO.Compression.DeflateStream`. */
+private class SystemIOCompressionDeflateStreamFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.IO.Compression;DeflateStream;false;DeflateStream;(System.IO.Stream,System.IO.Compression.CompressionLevel);;Argument[0];ReturnValue;taint",
+        "System.IO.Compression;DeflateStream;false;DeflateStream;(System.IO.Stream,System.IO.Compression.CompressionLevel,System.Boolean);;Argument[0];ReturnValue;taint",
+        "System.IO.Compression;DeflateStream;false;DeflateStream;(System.IO.Stream,System.IO.Compression.CompressionMode);;Argument[0];ReturnValue;taint",
+        "System.IO.Compression;DeflateStream;false;DeflateStream;(System.IO.Stream,System.IO.Compression.CompressionMode,System.Boolean);;Argument[0];ReturnValue;taint"
+      ]
+  }
+}
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected

Original file line number	Diff line number	Diff line change
`@@ -99,6 +99,7 @@ private module Frameworks {`
`99`	`99`	`private import semmle.code.csharp.frameworks.system.web.ui.WebControls`
`100`	`100`	`private import semmle.code.csharp.frameworks.JsonNET`
`101`	`101`	`private import semmle.code.csharp.frameworks.system.IO`
	`102`	`+ private import semmle.code.csharp.frameworks.system.io.Compression`
`102`	`103`	`}`
`103`	`104`
`104`	`105`	`/**`