
Commit 92b086d

authored
Merge pull request github#15798 from egregius313/egregius313/csharp/mad/fix-textreader-models
C#: Change `System.IO.TextReader` models to transfer taint to out parameter
2 parents c947405 + a87df54 commit 92b086d


4 files changed

+49
-43
lines changed

Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* The models for `System.IO.TextReader` have been modified to better model the flow of tainted text from a `TextReader`.

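--- a/csharp/ql/lib/ext/System.IO.model.yml
+++ b/csharp/ql/lib/ext/System.IO.model.yml
@@ -89,14 +89,16 @@ extensions:
 - ["System.IO", "StreamReader", False, "StreamReader", "(System.String,System.Text.Encoding,System.Boolean,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["System.IO", "StringReader", False, "StringReader", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["System.IO", "TextReader", True, "Read", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "Read", "(System.Span<System.Char>)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "ReadAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "ReadAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "ReadBlock", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "ReadBlock", "(System.Span<System.Char>)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["System.IO", "TextReader", True, "Read", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+- ["System.IO", "TextReader", True, "Read", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+- ["System.IO", "TextReader", True, "ReadAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
+- ["System.IO", "TextReader", True, "ReadAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+- ["System.IO", "TextReader", True, "ReadBlock", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+- ["System.IO", "TextReader", True, "ReadBlock", "(System.Span<System.Char>)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Char[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
+# Post-update nodes for `Memory<T>` are currently unsupported. This model is provided for completeness
+- ["System.IO", "TextReader", True, "ReadBlockAsync", "(System.Memory<System.Char>,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"]
 - ["System.IO", "TextReader", True, "ReadLine", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["System.IO", "TextReader", True, "ReadLineAsync", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["System.IO", "TextReader", True, "ReadToEnd", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]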
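Review bot: The hunk records no rationale for retargeting the eight buffer-overload rows from `ReturnValue` to `Argument[0].Element`, and the reason is the substance of the fix: `Read`/`ReadBlock` over a `char[]` or `Span<char>` return a character count (wrapped in `Task`/`ValueTask` for the async forms), so the old rows tainted an integer and lost the text that actually lands in the caller's buffer. A one-line comment above the first changed row, such as `# Buffer-based Read/ReadBlock overloads return a count; the tainted text is written into the caller's buffer (Argument[0])`, would keep that alongside the existing `Memory<T>` caveat. The two identical `Memory<T>` comments at the `ReadAsync` and `ReadBlockAsync` rows could then be folded into that single header comment instead of being repeated. The `extensions:` list continues outside the hunk, so I cannot tell from here whether any `CancellationToken`-accepting `ReadLineAsync`/`ReadToEndAsync` overloads on `TextReader` are modelled; if not, they presumably deserve matching `ReturnValue` rows.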

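--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -882,10 +882,10 @@ summary
 | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual |
 | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
 | Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;();;Argument[this];ReturnValue;taint;manual |
-| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
+| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
 | Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadLine;();;Argument[this];ReturnValue;taint;manual |
 | Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
 | Microsoft.AspNetCore.WebUtilities;HttpRequestStreamReader;false;ReadToEndAsync;();;Argument[this];ReturnValue;taint;manual |
@@ -9210,14 +9210,14 @@ summary
 | System.IO;Stream;true;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual |
 | System.IO;Stream;true;WriteAsync;(System.ReadOnlyMemory<System.Byte>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
 | System.IO;StreamReader;false;Read;();;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StreamReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
+| System.IO;StreamReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StreamReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
 | System.IO;StreamReader;false;ReadLine;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;StreamReader;false;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;StreamReader;false;ReadToEnd;();;Argument[this];ReturnValue;taint;manual |
@@ -9286,13 +9286,13 @@ summary
 | System.IO;StreamWriter;false;get_BaseStream;();;Argument[this];ReturnValue;taint;df-generated |
 | System.IO;StreamWriter;false;get_Encoding;();;Argument[this];ReturnValue;taint;df-generated |
 | System.IO;StringReader;false;Read;();;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;StringReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
+| System.IO;StringReader;false;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StringReader;false;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StringReader;false;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StringReader;false;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StringReader;false;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StringReader;false;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;StringReader;false;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
 | System.IO;StringReader;false;ReadLine;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;StringReader;false;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;StringReader;false;ReadLineAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
@@ -9335,14 +9335,14 @@ summary
 | System.IO;StringWriter;false;WriteLineAsync;(System.Text.StringBuilder,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated |
 | System.IO;TextReader;false;Synchronized;(System.IO.TextReader);;Argument[0];ReturnValue;taint;df-generated |
 | System.IO;TextReader;true;Read;();;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
+| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
 | System.IO;TextReader;true;ReadLine;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;TextReader;true;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;TextReader;true;ReadToEnd;();;Argument[this];ReturnValue;taint;manual |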

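--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -7775,14 +7775,14 @@ summary
 | System.IO;StringWriter;false;WriteLineAsync;(System.Text.StringBuilder,System.Threading.CancellationToken);;Argument[0];Argument[this];taint;df-generated |
 | System.IO;TextReader;false;Synchronized;(System.IO.TextReader);;Argument[0];ReturnValue;taint;df-generated |
 | System.IO;TextReader;true;Read;();;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];ReturnValue;taint;manual |
-| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;manual |
+| System.IO;TextReader;true;Read;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;Read;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlock;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlock;(System.Span<System.Char>);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlockAsync;(System.Char[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual |
+| System.IO;TextReader;true;ReadBlockAsync;(System.Memory<System.Char>,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual |
 | System.IO;TextReader;true;ReadLine;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;TextReader;true;ReadLineAsync;();;Argument[this];ReturnValue;taint;manual |
 | System.IO;TextReader;true;ReadToEnd;();;Argument[this];ReturnValue;taint;manual |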
