Skip to content

C#: Add more data flow tests #1301

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
May 3, 2019
Merged

C#: Add more data flow tests #1301

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 4 additions & 0 deletions csharp/ql/test/library-tests/dataflow/global/DataFlow.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,3 +38,7 @@
| Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x |
| Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x |
| Splitting.cs:11:19:11:19 | access to local variable x |
| Splitting.cs:21:28:21:32 | access to parameter value |
| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x |
| Splitting.cs:34:19:34:19 | access to local variable x |
1,683 changes: 1,683 additions & 0 deletions csharp/ql/test/library-tests/dataflow/global/DataFlowEdges.expected
View file
Open in desktop

Large diffs are not rendered by default.

12 changes: 12 additions & 0 deletions csharp/ql/test/library-tests/dataflow/global/DataFlowEdges.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
import csharp
import DataFlow

class ConfigAny extends Configuration {
ConfigAny() { this = "ConfigAny" }

override predicate isSource(Node source) { any() }

override predicate isSink(Node sink) { any() }
}

query predicate edges(PathNode a, PathNode b) { a.getASuccessor() = b }
41 changes: 41 additions & 0 deletions csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -189,6 +189,23 @@ edges
| Splitting.cs:8:24:8:30 | [b (line 3): false] access to parameter tainted | Splitting.cs:8:17:8:31 | [b (line 3): false] call to method Return |
| Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return |
| Splitting.cs:8:24:8:30 | [b (line 3): true] access to parameter tainted | Splitting.cs:8:17:8:31 | [b (line 3): true] call to method Return |
| Splitting.cs:21:9:21:11 | value | Splitting.cs:21:28:21:32 | access to parameter value |
| Splitting.cs:24:28:24:34 | tainted | Splitting.cs:30:17:30:23 | [b (line 24): false] access to parameter tainted |
| Splitting.cs:24:28:24:34 | tainted | Splitting.cs:30:17:30:23 | [b (line 24): true] access to parameter tainted |
| Splitting.cs:24:28:24:34 | tainted | Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted |
| Splitting.cs:24:28:24:34 | tainted | Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted |
| Splitting.cs:30:17:30:23 | [b (line 24): false] access to parameter tainted | Splitting.cs:21:9:21:11 | value |
| Splitting.cs:30:17:30:23 | [b (line 24): true] access to parameter tainted | Splitting.cs:21:9:21:11 | value |
| Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element | Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x |
| Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element | Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x |
| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x |
| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x |
| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | Splitting.cs:34:19:34:19 | access to local variable x |
| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element | Splitting.cs:34:19:34:19 | access to local variable x |
| Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element |
| Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element |
| Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element |
| Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted | Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element |
nodes
| Capture.cs:7:20:7:26 | tainted |
| Capture.cs:9:9:13:9 | SSA capture def(tainted) |
Expand Down Expand Up @@ -337,7 +354,28 @@ nodes
| Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x |
| Splitting.cs:11:19:11:19 | access to local variable x |
| Splitting.cs:11:19:11:19 | access to local variable x |
| Splitting.cs:21:9:21:11 | value |
| Splitting.cs:21:28:21:32 | access to parameter value |
| Splitting.cs:24:28:24:34 | tainted |
| Splitting.cs:30:17:30:23 | [b (line 24): false] access to parameter tainted |
| Splitting.cs:30:17:30:23 | [b (line 24): true] access to parameter tainted |
| Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element |
| Splitting.cs:31:17:31:26 | [b (line 24): false] dynamic access to element |
| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element |
| Splitting.cs:31:17:31:26 | [b (line 24): true] dynamic access to element |
| Splitting.cs:31:19:31:25 | [b (line 24): false] access to parameter tainted |
| Splitting.cs:31:19:31:25 | [b (line 24): true] access to parameter tainted |
| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x |
| Splitting.cs:34:19:34:19 | access to local variable x |
| Splitting.cs:34:19:34:19 | access to local variable x |
#select
| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | [b (line 24): false] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x | [b (line 24): false] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | [b (line 24): true] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x | [b (line 24): true] access to local variable x |
| Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | [b (line 3): false] access to local variable x |
| Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x | [b (line 3): false] access to local variable x |
| Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x | [b (line 3): true] access to local variable x |
Expand Down Expand Up @@ -372,6 +410,8 @@ nodes
| GlobalDataFlow.cs:177:15:177:19 | access to local variable sink9 | GlobalDataFlow.cs:175:35:175:48 | "taint source" | GlobalDataFlow.cs:177:15:177:19 | access to local variable sink9 | access to local variable sink9 |
| Splitting.cs:11:19:11:19 | access to local variable x | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:11:19:11:19 | access to local variable x | access to local variable x |
| Splitting.cs:11:19:11:19 | access to local variable x | Splitting.cs:3:28:3:34 | tainted | Splitting.cs:11:19:11:19 | access to local variable x | access to local variable x |
| Splitting.cs:34:19:34:19 | access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:34:19:34:19 | access to local variable x | access to local variable x |
| Splitting.cs:34:19:34:19 | access to local variable x | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:34:19:34:19 | access to local variable x | access to local variable x |
| GlobalDataFlow.cs:233:15:233:24 | access to parameter sinkParam0 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:233:15:233:24 | access to parameter sinkParam0 | access to parameter sinkParam0 |
| GlobalDataFlow.cs:233:15:233:24 | access to parameter sinkParam0 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:233:15:233:24 | access to parameter sinkParam0 | access to parameter sinkParam0 |
| GlobalDataFlow.cs:238:15:238:24 | access to parameter sinkParam1 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:238:15:238:24 | access to parameter sinkParam1 | access to parameter sinkParam1 |
Expand All @@ -381,4 +421,5 @@ nodes
| GlobalDataFlow.cs:253:15:253:24 | access to parameter sinkParam5 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:253:15:253:24 | access to parameter sinkParam5 | access to parameter sinkParam5 |
| GlobalDataFlow.cs:258:15:258:24 | access to parameter sinkParam6 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:258:15:258:24 | access to parameter sinkParam6 | access to parameter sinkParam6 |
| GlobalDataFlow.cs:263:15:263:24 | access to parameter sinkParam7 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:263:15:263:24 | access to parameter sinkParam7 | access to parameter sinkParam7 |
| Splitting.cs:21:28:21:32 | access to parameter value | Splitting.cs:24:28:24:34 | tainted | Splitting.cs:21:28:21:32 | access to parameter value | access to parameter value |
| GlobalDataFlow.cs:26:15:26:32 | access to property SinkProperty0 | GlobalDataFlow.cs:17:27:17:40 | "taint source" | GlobalDataFlow.cs:26:15:26:32 | access to property SinkProperty0 | access to property SinkProperty0 |
19 changes: 19 additions & 0 deletions csharp/ql/test/library-tests/dataflow/global/Splitting.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,23 @@ void M1(bool b, string tainted)
static void Check<T>(T x) { }

static T Return<T>(T x) => x;

string this[string s]
{
get { return Return(s); }
set { Check(Return(value)); }
}

void M2(bool b, string tainted)
{
if (b)
if (tainted == null)
return;
dynamic d = this;
d[""] = tainted;
var x = d[tainted];
Check(x);
if (b)
Check(x);
}
}
4 changes: 4 additions & 0 deletions csharp/ql/test/library-tests/dataflow/global/TaintTracking.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -54,3 +54,7 @@
| Splitting.cs:9:15:9:15 | [b (line 3): false] access to local variable x |
| Splitting.cs:9:15:9:15 | [b (line 3): true] access to local variable x |
| Splitting.cs:11:19:11:19 | access to local variable x |
| Splitting.cs:21:28:21:32 | access to parameter value |
| Splitting.cs:32:15:32:15 | [b (line 24): false] access to local variable x |
| Splitting.cs:32:15:32:15 | [b (line 24): true] access to local variable x |
| Splitting.cs:34:19:34:19 | access to local variable x |
Loading