C#: Recognize format methods without insertion parameters

Author: hvitved

csharp/ql/src/semmle/code/csharp/frameworks/Format.qll

@@ -13,15 +13,13 @@ class FormatMethod extends Method {
     exists(Class declType | declType = this.getDeclaringType() |
       this.getParameter(0).getType() instanceof SystemIFormatProviderInterface and
       this.getParameter(1).getType() instanceof StringType and
-      this.getNumberOfParameters() >= 3 and
       (
         this = any(SystemStringClass c).getFormatMethod()
         or
         this = any(SystemTextStringBuilderClass c).getAppendFormatMethod()
       )
       or
       this.getParameter(0).getType() instanceof StringType and
-      this.getNumberOfParameters() >= 2 and
       (
         this = any(SystemStringClass c).getFormatMethod()
         or

csharp/ql/test/query-tests/API Abuse/FormatMissingArgument/FormatMissingArgument.cs

@@ -20,6 +20,9 @@ void TestFormatMissingArgument()
         String.Format("{0} {1} {2} {3}", 0, 1, 2, 3);
 
         helper("{1}");
+
+        // BAD: Missing {0}
+        Console.WriteLine("{0}");
     }
 
     void helper(string format)

csharp/ql/test/query-tests/API Abuse/FormatMissingArgument/FormatMissingArgument.expected

@@ -5,18 +5,20 @@ nodes
 | FormatMissingArgument.cs:17:23:17:35 | "{0} {1} {2}" | semmle.label | "{0} {1} {2}" |
 | FormatMissingArgument.cs:20:23:20:39 | "{0} {1} {2} {3}" | semmle.label | "{0} {1} {2} {3}" |
 | FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | semmle.label | "{1}" : String |
-| FormatMissingArgument.cs:25:24:25:29 | format : String | semmle.label | format : String |
-| FormatMissingArgument.cs:28:23:28:28 | access to parameter format | semmle.label | access to parameter format |
+| FormatMissingArgument.cs:25:27:25:31 | "{0}" | semmle.label | "{0}" |
+| FormatMissingArgument.cs:28:24:28:29 | format : String | semmle.label | format : String |
+| FormatMissingArgument.cs:31:23:31:28 | access to parameter format | semmle.label | access to parameter format |
 | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | semmle.label | "Hello {0} {1}" |
 | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | semmle.label | "Hello {1} {2}" |
 | FormatMissingArgumentGood.cs:7:27:7:41 | "Hello {0} {1}" | semmle.label | "Hello {0} {1}" |
 edges
-| FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:25:24:25:29 | format : String |
-| FormatMissingArgument.cs:25:24:25:29 | format : String | FormatMissingArgument.cs:28:23:28:28 | access to parameter format |
+| FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:28:24:28:29 | format : String |
+| FormatMissingArgument.cs:28:24:28:29 | format : String | FormatMissingArgument.cs:31:23:31:28 | access to parameter format |
 #select
 | FormatMissingArgument.cs:11:9:11:31 | call to method Format | FormatMissingArgument.cs:11:23:11:27 | "{1}" | FormatMissingArgument.cs:11:23:11:27 | "{1}" | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgument.cs:11:23:11:27 | "{1}" | this |
 | FormatMissingArgument.cs:14:9:14:38 | call to method Format | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | Argument '{2}' has not been supplied to $@ format string. | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | this |
 | FormatMissingArgument.cs:14:9:14:38 | call to method Format | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | Argument '{3}' has not been supplied to $@ format string. | FormatMissingArgument.cs:14:23:14:31 | "{2} {3}" | this |
-| FormatMissingArgument.cs:28:9:28:32 | call to method Format | FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:28:23:28:28 | access to parameter format | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgument.cs:22:16:22:20 | "{1}" | this |
+| FormatMissingArgument.cs:25:9:25:32 | call to method WriteLine | FormatMissingArgument.cs:25:27:25:31 | "{0}" | FormatMissingArgument.cs:25:27:25:31 | "{0}" | Argument '{0}' has not been supplied to $@ format string. | FormatMissingArgument.cs:25:27:25:31 | "{0}" | this |
+| FormatMissingArgument.cs:31:9:31:32 | call to method Format | FormatMissingArgument.cs:22:16:22:20 | "{1}" : String | FormatMissingArgument.cs:31:23:31:28 | access to parameter format | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgument.cs:22:16:22:20 | "{1}" | this |
 | FormatMissingArgumentBad.cs:7:9:7:49 | call to method WriteLine | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | Argument '{1}' has not been supplied to $@ format string. | FormatMissingArgumentBad.cs:7:27:7:41 | "Hello {0} {1}" | this |
 | FormatMissingArgumentBad.cs:8:9:8:55 | call to method WriteLine | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | Argument '{2}' has not been supplied to $@ format string. | FormatMissingArgumentBad.cs:8:27:8:41 | "Hello {1} {2}" | this |