Merge branch 'main' into experimental-decompression-api

Author: thiggy1342

.gitignore

@@ -58,3 +58,6 @@ go/main
 # node_modules folders except in the JS test suite
 node_modules/
 !/javascript/ql/test/**/node_modules/
+
+# Temporary folders for working with generated models
+.model-temp

cpp/ql/test/TestUtilities/InlineExpectationsTest.qll

@@ -239,12 +239,24 @@ private string getColumnString(TColumn column) {
 
 /**
  * RegEx pattern to match a single expected result, not including the leading `$`. It consists of one or
- * more comma-separated tags containing only letters, digits, `-` and `_` (note that the first character
- * must not be a digit), optionally followed by `=` and the expected value.
+ * more comma-separated tags optionally followed by `=` and the expected value.
+ *
+ * Tags must be only letters, digits, `-` and `_` (note that the first character
+ * must not be a digit), but can contain anything enclosed in a single set of
+ * square brackets.
+ *
+ * Examples:
+ * - `tag`
+ * - `tag=value`
+ * - `tag,tag2=value`
+ * - `tag[foo bar]=value`
+ *
+ * Not allowed:
+ * - `tag[[[foo bar]`
  */
 private string expectationPattern() {
   exists(string tag, string tags, string value |
-    tag = "[A-Za-z-_][A-Za-z-_0-9]*" and
+    tag = "[A-Za-z-_](?:[A-Za-z-_0-9]|\\[[^\\]\\]]*\\])*" and
     tags = "((?:" + tag + ")(?:\\s*,\\s*" + tag + ")*)" and
     // In Python, we allow both `"` and `'` for strings, as well as the prefixes `bru`.
     // For example, `b"foo"`.

csharp/extractor/Semmle.Extraction.CSharp/Entities/ImplicitMainMethod.cs

@@ -0,0 +1,36 @@
+using Microsoft.CodeAnalysis;
+using Microsoft.CodeAnalysis.CSharp.Syntax;
+using Semmle.Extraction.CSharp.Entities.Statements;
+using System.Collections.Generic;
+using System.IO;
+
+namespace Semmle.Extraction.CSharp.Entities
+{
+    internal class ImplicitMainMethod : OrdinaryMethod
+    {
+        private readonly List<GlobalStatementSyntax> globalStatements;
+
+        public ImplicitMainMethod(Context cx, IMethodSymbol symbol, List<GlobalStatementSyntax> globalStatements)
+            : base(cx, symbol)
+        {
+            this.globalStatements = globalStatements;
+        }
+
+        protected override void PopulateMethodBody(TextWriter trapFile)
+        {
+            GlobalStatementsBlock.Create(Context, this, globalStatements);
+        }
+
+        public static ImplicitMainMethod Create(Context cx, IMethodSymbol method, List<GlobalStatementSyntax> globalStatements)
+        {
+            return ImplicitMainMethodFactory.Instance.CreateEntity(cx, method, (method, globalStatements));
+        }
+
+        private class ImplicitMainMethodFactory : CachedEntityFactory<(IMethodSymbol, List<GlobalStatementSyntax>), ImplicitMainMethod>
+        {
+            public static ImplicitMainMethodFactory Instance { get; } = new ImplicitMainMethodFactory();
+
+            public override ImplicitMainMethod Create(Context cx, (IMethodSymbol, List<GlobalStatementSyntax>) init) => new ImplicitMainMethod(cx, init.Item1, init.Item2);
+        }
+    }
+}

csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs

@@ -46,7 +46,7 @@ protected virtual void ExtractInitializers(TextWriter trapFile)
             // so there's nothing to extract.
         }
 
-        private void PopulateMethodBody(TextWriter trapFile)
+        protected virtual void PopulateMethodBody(TextWriter trapFile)
         {
             if (!IsSourceDeclaration)
                 return;

csharp/extractor/Semmle.Extraction.CSharp/Entities/OrdinaryMethod.cs

@@ -8,7 +8,7 @@ namespace Semmle.Extraction.CSharp.Entities
 {
     internal class OrdinaryMethod : Method
     {
-        private OrdinaryMethod(Context cx, IMethodSymbol init)
+        protected OrdinaryMethod(Context cx, IMethodSymbol init)
             : base(cx, init) { }
 
         public override string Name => Symbol.GetName();

csharp/extractor/Semmle.Extraction.CSharp/Entities/Statements/GlobalStatementsBlock.cs

@@ -2,17 +2,22 @@
 using System.Linq;
 using System.IO;
 using Semmle.Extraction.Entities;
+using System.Collections.Generic;
+using Microsoft.CodeAnalysis.CSharp.Syntax;
+using System;
 
 namespace Semmle.Extraction.CSharp.Entities.Statements
 {
     internal class GlobalStatementsBlock : Statement
     {
         private readonly Method parent;
+        private readonly List<GlobalStatementSyntax> globalStatements;
 
-        private GlobalStatementsBlock(Context cx, Method parent)
+        private GlobalStatementsBlock(Context cx, Method parent, List<GlobalStatementSyntax> globalStatements)
             : base(cx, StmtKind.BLOCK, parent, 0)
         {
             this.parent = parent;
+            this.globalStatements = globalStatements;
         }
 
         public override Microsoft.CodeAnalysis.Location? ReportingLocation
@@ -27,16 +32,24 @@ public override Microsoft.CodeAnalysis.Location? ReportingLocation
             }
         }
 
-        public static GlobalStatementsBlock Create(Context cx, Method parent)
+        public static GlobalStatementsBlock Create(Context cx, Method parent, List<GlobalStatementSyntax> globalStatements)
         {
-            var ret = new GlobalStatementsBlock(cx, parent);
+            var ret = new GlobalStatementsBlock(cx, parent, globalStatements);
             ret.TryPopulate();
             return ret;
         }
 
         protected override void PopulateStatement(TextWriter trapFile)
         {
             trapFile.stmt_location(this, Context.CreateLocation(ReportingLocation));
+
+            for (var i = 0; i < globalStatements.Count; i++)
+            {
+                if (globalStatements[i].Statement is not null)
+                {
+                    Statement.Create(Context, globalStatements[i].Statement, this, i);
+                }
+            }
         }
     }
 }

csharp/extractor/Semmle.Extraction.CSharp/Populators/CompilationUnitVisitor.cs

@@ -3,7 +3,6 @@
 using Microsoft.CodeAnalysis.CSharp.Syntax;
 using Semmle.Util.Logging;
 using Semmle.Extraction.CSharp.Entities;
-using Semmle.Extraction.CSharp.Entities.Statements;
 using System.Linq;
 
 namespace Semmle.Extraction.CSharp.Populators
@@ -60,23 +59,14 @@ private void ExtractGlobalStatements(CompilationUnitSyntax compilationUnit)
             }
 
             var entryPoint = Cx.Compilation.GetEntryPoint(System.Threading.CancellationToken.None);
-            var entryMethod = Method.Create(Cx, entryPoint);
-            if (entryMethod is null)
+            if (entryPoint is null)
             {
                 Cx.ExtractionError("No entry method found. Skipping the extraction of global statements.",
                     null, Cx.CreateLocation(globalStatements[0].GetLocation()), null, Severity.Info);
                 return;
             }
 
-            var block = GlobalStatementsBlock.Create(Cx, entryMethod);
-
-            for (var i = 0; i < globalStatements.Count; i++)
-            {
-                if (globalStatements[i].Statement is not null)
-                {
-                    Statement.Create(Cx, globalStatements[i].Statement, block, i);
-                }
-            }
+            ImplicitMainMethod.Create(Cx, entryPoint, globalStatements);
         }
     }
 }

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Remote.qll

@@ -171,6 +171,23 @@ class ActionMethodParameter extends RemoteFlowSource, DataFlow::ParameterNode {
 /** A data flow source of remote user input (ASP.NET Core). */
 abstract class AspNetCoreRemoteFlowSource extends RemoteFlowSource { }
 
+/**
+ * Data flow for AST.NET Core.
+ *
+ * Flow is defined from any ASP.NET Core remote source object to any of its member
+ * properties.
+ */
+private class AspNetCoreRemoteFlowSourceMember extends TaintTracking::TaintedMember {
+  AspNetCoreRemoteFlowSourceMember() {
+    this.getDeclaringType() = any(AspNetCoreRemoteFlowSource source).getType() and
+    this.isPublic() and
+    not this.isStatic() and
+    exists(Property p | p = this |
+      p.isAutoImplemented() and p.getGetter().isPublic() and p.getSetter().isPublic()
+    )
+  }
+}
+
 /** A data flow source of remote user input (ASP.NET query collection). */
 class AspNetCoreQueryRemoteFlowSource extends AspNetCoreRemoteFlowSource, DataFlow::ExprNode {
   AspNetCoreQueryRemoteFlowSource() {
@@ -196,7 +213,7 @@ class AspNetCoreQueryRemoteFlowSource extends AspNetCoreRemoteFlowSource, DataFl
 }
 
 /** A parameter to a `Mvc` controller action method, viewed as a source of remote user input. */
-class AspNetCoreActionMethodParameter extends RemoteFlowSource, DataFlow::ParameterNode {
+class AspNetCoreActionMethodParameter extends AspNetCoreRemoteFlowSource, DataFlow::ParameterNode {
   AspNetCoreActionMethodParameter() {
     exists(Parameter p |
       p = this.getParameter() and

csharp/ql/src/Diagnostics/CompilerError.ql

@@ -1,9 +1,7 @@
 /**
  * @name Compilation error
  * @description A compilation error can cause extraction problems, and could lead to inaccurate results.
- * @kind problem
- * @problem.severity recommendation
- * @precision high
+ * @kind diagnostic
  * @id cs/compilation-error
  * @tags internal non-attributable
  */

csharp/ql/src/Diagnostics/CompilerMessage.ql

@@ -1,9 +1,7 @@
 /**
  * @name Compilation message
  * @description A message emitted by the compiler, including warnings and errors.
- * @kind problem
- * @problem.severity recommendation
- * @precision high
+ * @kind diagnostic
  * @id cs/compilation-message
  * @tags internal non-attributable
  */