Merge pull request #70 from GitHubSecurityLab/csharp/refactortests

C#: Re-factor some of the existing tests.

Author: michaelnebel

csharp/src/library_sources/ExternalAPIsQuery.qll

@@ -11,8 +11,21 @@ private import semmle.code.csharp.dataflow.FlowSummary
 // SECLAB: Import CSV utils
 private import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow
 
-// SECLAB: Import Csv::asPartialModel
-predicate asPartialModel = ExternalFlow::asPartialModel/1;
+/**
+ * Computes the first 6 columns for MaD rows used for summaries, sources and sinks.
+ */
+private string asPartialModel(Callable api) {
+  exists(string container, string type, string extensible, string name, string parameters |
+    ExternalFlow::partialModel(api, container, type, extensible, name, parameters) and
+    result =
+      container + ";" //
+        + type + ";" //
+        + extensible + ";" //
+        + name + ";" //
+        + parameters + ";" //
+        + /* ext + */ ";" //
+  )
+}
 
 /**
  * A callable that is considered a "safe" external API from a security perspective.
@@ -100,7 +113,7 @@ deprecated class UntrustedDataToExternalApiConfig extends TaintTracking::Configu
 
 /** A configuration for tracking flow from `ThreatModelFlowSource`s to `ExternalApiDataNode`s. */
 private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
-  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+  predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource }
 
   predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode }
 }

csharp/test/TestUtilities/PrettyPrintModels.ql

@@ -0,0 +1,11 @@
+/**
+ * @kind test-postprocess
+ */
+
+import semmle.code.csharp.dataflow.internal.ExternalFlow
+import codeql.dataflow.test.ProvenancePathGraph
+import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>
+
+from string relation, int row, int column, string data
+where results(relation, row, column, data)
+select relation, row, column, data

csharp/test/resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.CSharp.cs

@@ -0,0 +1,68 @@
+// This file contains auto-generated code.
+// Generated from `Microsoft.CSharp, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a`.
+namespace Microsoft
+{
+    namespace CSharp
+    {
+        namespace RuntimeBinder
+        {
+            public static class Binder
+            {
+                public static System.Runtime.CompilerServices.CallSiteBinder BinaryOperation(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Linq.Expressions.ExpressionType operation, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder Convert(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Type type, System.Type context) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder GetIndex(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder GetMember(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, string name, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder Invoke(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder InvokeConstructor(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder InvokeMember(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, string name, System.Collections.Generic.IEnumerable<System.Type> typeArguments, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder IsEvent(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, string name, System.Type context) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder SetIndex(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder SetMember(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, string name, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+                public static System.Runtime.CompilerServices.CallSiteBinder UnaryOperation(Microsoft.CSharp.RuntimeBinder.CSharpBinderFlags flags, System.Linq.Expressions.ExpressionType operation, System.Type context, System.Collections.Generic.IEnumerable<Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo> argumentInfo) => throw null;
+            }
+            public sealed class CSharpArgumentInfo
+            {
+                public static Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfo Create(Microsoft.CSharp.RuntimeBinder.CSharpArgumentInfoFlags flags, string name) => throw null;
+            }
+            [System.Flags]
+            public enum CSharpArgumentInfoFlags
+            {
+                None = 0,
+                UseCompileTimeType = 1,
+                Constant = 2,
+                NamedArgument = 4,
+                IsRef = 8,
+                IsOut = 16,
+                IsStaticType = 32,
+            }
+            [System.Flags]
+            public enum CSharpBinderFlags
+            {
+                None = 0,
+                CheckedContext = 1,
+                InvokeSimpleName = 2,
+                InvokeSpecialName = 4,
+                BinaryOperationLogical = 8,
+                ConvertExplicit = 16,
+                ConvertArrayIndex = 32,
+                ResultIndexed = 64,
+                ValueFromCompoundAssignment = 128,
+                ResultDiscarded = 256,
+            }
+            public class RuntimeBinderException : System.Exception
+            {
+                public RuntimeBinderException() => throw null;
+                protected RuntimeBinderException(System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.StreamingContext context) => throw null;
+                public RuntimeBinderException(string message) => throw null;
+                public RuntimeBinderException(string message, System.Exception innerException) => throw null;
+            }
+            public class RuntimeBinderInternalCompilerException : System.Exception
+            {
+                public RuntimeBinderInternalCompilerException() => throw null;
+                protected RuntimeBinderInternalCompilerException(System.Runtime.Serialization.SerializationInfo info, System.Runtime.Serialization.StreamingContext context) => throw null;
+                public RuntimeBinderInternalCompilerException(string message) => throw null;
+                public RuntimeBinderInternalCompilerException(string message, System.Exception innerException) => throw null;
+            }
+        }
+    }
+}

csharp/test/resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj

@@ -0,0 +1,9 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <OutputPath>bin\</OutputPath>
+    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
+  </PropertyGroup>
+
+</Project>