Skip to content

C#: Model NHibernate framework #1021

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 11, 2019
Merged

C#: Model NHibernate framework #1021

merged 3 commits into from
Mar 11, 2019

Conversation

calumgrant
Copy link
Contributor

Follows a very similar structure to #912, and is based on that PR. Only the last 2 commits need reviewing. Will resolve the merge conflict once #912 is merged.

Summary of changes:

  1. Find SQL expressions that are SQLExpr and therefore vulnerable to SQL injection.
  2. Find stored flow sources.
  3. Implement dataflow through stored properties.

As usual, most of the work involves exploring and experimenting with the API. There are also XML specifications (.hbm.xml files) that specify the mapping, but in the end these files didn't appear to add much value.

@calumgrant calumgrant added the C# label Mar 1, 2019
@calumgrant calumgrant added this to the 1.20 milestone Mar 1, 2019
@calumgrant calumgrant requested a review from hvitved March 1, 2019 13:51
@calumgrant calumgrant requested a review from a team as a code owner March 1, 2019 13:51
@aibaars aibaars changed the base branch from master to rc/1.20 March 1, 2019 17:54
hvitved
hvitved requested changes Mar 4, 2019
View reviewed changes
Copy link
Contributor

@hvitved hvitved left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good stuff, just two small comments.

csharp/ql/src/semmle/code/csharp/frameworks/NHibernate.qll Outdated

/** A mapped class that is mapped because it is used as a type argument. */
private class MappedByTypeArgument extends MappedClass {
UnboundGeneric gen;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

remove

csharp/ql/src/semmle/code/csharp/frameworks/NHibernate.qll
this = e.getType()
) and
not this instanceof ObjectType and
not this.getABaseInterface*() instanceof SystemCollectionsIEnumerableInterface and
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sometimes, the argument could be a List or a Dictionary which isn't supposed to be mapped. This happened on the NHibernate-Core codebase anyway.

@hvitved hvitved merged commit c6fdcf4 into github:rc/1.20 Mar 11, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hvitved hvitved hvitved approved these changes

Assignees
No one assigned
Labels
C#
Projects
None yet
Milestone
1.20
Development

Successfully merging this pull request may close these issues.
2 participants
@calumgrant @hvitved