Merge branch 'main' into uncontrolled-allocation-size-docs

Author: paldepind

csharp/documentation/library-coverage/coverage.csv

@@ -10,7 +10,7 @@ Internal.IL,,,46,,,,,,,,,,,,,,,,,,,44,2
 Internal.Pgo,,,9,,,,,,,,,,,,,,,,,,,8,1
 Internal.TypeSystem,,,315,,,,,,,,,,,,,,,,,,,299,16
 JsonToItemsTaskFactory,,,10,,,,,,,,,,,,,,,,,,,10,
-Microsoft.Android.Build,,,16,,,,,,,,,,,,,,,,,,,16,
+Microsoft.Android.Build,,1,16,,,,,,,,,,,,,1,,,,,,16,
 Microsoft.Apple.Build,,,8,,,,,,,,,,,,,,,,,,,8,
 Microsoft.ApplicationBlocks.Data,28,,,,,,,,,,,,28,,,,,,,,,,
 Microsoft.CSharp,,,13,,,,,,,,,,,,,,,,,,,13,
@@ -19,9 +19,9 @@ Microsoft.DotNet.Build.Tasks,,,6,,,,,,,,,,,,,,,,,,,6,
 Microsoft.EntityFrameworkCore,6,,12,,,,,,,,,,6,,,,,,,,,,12
 Microsoft.Extensions.Caching.Distributed,,,10,,,,,,,,,,,,,,,,,,,10,
 Microsoft.Extensions.Caching.Memory,,,39,,,,,,,,,,,,,,,,,,,38,1
-Microsoft.Extensions.Configuration,,2,90,,,,,,,,,,,,,2,,,,,,89,1
+Microsoft.Extensions.Configuration,,3,90,,,,,,,,,,,,,3,,,,,,89,1
 Microsoft.Extensions.DependencyInjection,,,134,,,,,,,,,,,,,,,,,,,133,1
-Microsoft.Extensions.DependencyModel,,,18,,,,,,,,,,,,,,,,,,,18,
+Microsoft.Extensions.DependencyModel,,1,18,,,,,,,,,,,,,1,,,,,,18,
 Microsoft.Extensions.Diagnostics.Metrics,,,15,,,,,,,,,,,,,,,,,,,15,
 Microsoft.Extensions.FileProviders,,,15,,,,,,,,,,,,,,,,,,,15,
 Microsoft.Extensions.FileSystemGlobbing,,,18,,,,,,,,,,,,,,,,,,,16,2
@@ -41,5 +41,5 @@ MySql.Data.MySqlClient,48,,,,,,,,,,,,48,,,,,,,,,,
 Newtonsoft.Json,,,91,,,,,,,,,,,,,,,,,,,73,18
 ServiceStack,194,,7,27,,,,,75,,,,92,,,,,,,,,7,
 SourceGenerators,,,5,,,,,,,,,,,,,,,,,,,5,
-System,60,44,10614,,7,6,5,,,4,5,,33,2,,3,15,17,3,4,,8709,1905
+System,54,47,10626,,6,5,5,,,4,1,,33,2,,6,15,17,3,4,,8721,1905
 Windows.Security.Cryptography.Core,1,,,,,,,1,,,,,,,,,,,,,,,

csharp/documentation/library-coverage/coverage.rst

@@ -8,7 +8,7 @@ C# framework & library support
 
    Framework / library,Package,Flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
    `ServiceStack <https://servicestack.net/>`_,"``ServiceStack.*``, ``ServiceStack``",,7,194,
-   System,"``System.*``, ``System``",44,10614,60,9
-   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",54,1821,148,
-   Totals,,98,12442,402,9
+   System,"``System.*``, ``System``",47,10626,54,5
+   Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",57,1821,148,
+   Totals,,104,12454,396,5
 

csharp/extractor/Semmle.Extraction.CSharp/Entities/Compilations/CompilerDiagnostic.cs

@@ -21,7 +21,6 @@ public CompilerDiagnostic(Context cx, Microsoft.CodeAnalysis.Diagnostic diag, Co
 
         protected override void Populate(TextWriter trapFile)
         {
-            // The below doesn't limit the extractor messages to the exact limit, but it's good enough.
             var key = diagnostic.Id;
             var messageCount = compilation.messageCounts.AddOrUpdate(key, 1, (_, c) => c + 1);
             if (messageCount > limit)

csharp/extractor/Semmle.Extraction/Entities/ExtractionMessage.cs

@@ -10,27 +10,36 @@ internal class ExtractionMessage : FreshEntity
         private static int messageCount = 0;
 
         private readonly Message msg;
+        private readonly bool bypassLimit;
 
-        public ExtractionMessage(Context cx, Message msg) : base(cx)
+        public ExtractionMessage(Context cx, Message msg) : this(cx, msg, bypassLimit: false)
         {
+        }
+
+        private ExtractionMessage(Context cx, Message msg, bool bypassLimit) : base(cx)
+        {
+            this.bypassLimit = bypassLimit;
             this.msg = msg;
             TryPopulate();
         }
 
         protected override void Populate(TextWriter trapFile)
         {
-            // The below doesn't limit the extractor messages to the exact limit, but it's good enough.
-            Interlocked.Increment(ref messageCount);
-            if (messageCount > limit)
+            if (!bypassLimit)
             {
-                if (messageCount == limit + 1)
+                var val = Interlocked.Increment(ref messageCount);
+                if (val > limit)
                 {
-                    Context.ExtractionContext.Logger.LogWarning($"Stopped logging extractor messages after reaching {limit}");
+                    if (val == limit + 1)
+                    {
+                        Context.ExtractionContext.Logger.LogWarning($"Stopped logging extractor messages after reaching {limit}");
+                        _ = new ExtractionMessage(Context, new Message($"Stopped logging extractor messages after reaching {limit}", null, null, null, Util.Logging.Severity.Warning), bypassLimit: true);
+                    }
+                    return;
                 }
-                return;
             }
 
-            trapFile.extractor_messages(this, msg.Severity, "C# extractor", msg.Text, msg.EntityText ?? string.Empty,
+            trapFile.extractor_messages(this, msg.Severity, msg.Text, msg.EntityText ?? string.Empty,
                 msg.Location ?? Context.CreateLocation(), msg.StackTrace ?? string.Empty);
         }
     }

csharp/extractor/Semmle.Extraction/Tuples.cs

@@ -12,9 +12,9 @@ public static void containerparent(this System.IO.TextWriter trapFile, Folder pa
             trapFile.WriteTuple("containerparent", parent, child);
         }
 
-        internal static void extractor_messages(this System.IO.TextWriter trapFile, ExtractionMessage error, Semmle.Util.Logging.Severity severity, string origin, string errorMessage, string entityText, Location location, string stackTrace)
+        internal static void extractor_messages(this System.IO.TextWriter trapFile, ExtractionMessage error, Semmle.Util.Logging.Severity severity, string errorMessage, string entityText, Location location, string stackTrace)
         {
-            trapFile.WriteTuple("extractor_messages", error, (int)severity, origin, errorMessage, entityText, location, stackTrace);
+            trapFile.WriteTuple("extractor_messages", error, (int)severity, "C# extractor", errorMessage, entityText, location, stackTrace);
         }
 
         public static void files(this System.IO.TextWriter trapFile, File file, string fullName)

csharp/ql/integration-tests/all-platforms/standalone/Diag.expected

@@ -1,7 +1,9 @@
 extractorMessages
-| 5 |
+| 6 |
 compilerDiagnostics
 | 4 |
+extractorMessagesLeachedLimit
+| Program.cs:1:1:1:0 | Stopped logging extractor messages after reaching 5 |
 compilationInfo
 | Compiler diagnostic count for CS0103 | 3.0 |
 | Compiler diagnostic count for CS8019 | 7.0 |

csharp/ql/integration-tests/all-platforms/standalone/Diag.ql

@@ -5,6 +5,10 @@ query predicate extractorMessages(int c) { c = count(ExtractorMessage msg) }
 
 query predicate compilerDiagnostics(int c) { c = count(Diagnostic diag) }
 
+query predicate extractorMessagesLeachedLimit(ExtractorMessage msg) {
+  msg.getText().indexOf("Stopped logging") = 0
+}
+
 query predicate compilationInfo(string key, float value) {
   exists(Compilation c, string infoValue |
     infoValue = c.getInfo(key) and key.matches("Compiler diagnostic count for%")

csharp/ql/lib/change-notes/2024-05-23-static-field-side-effect.md

@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Added support for data flow through side-effects on static fields. For example, when a static field containing an array is updated.

csharp/ql/lib/change-notes/2024-07-19-added-sources.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added some new `local` source models. Most prominently `System.IO.Path.GetTempPath` and `System.Environment.GetFolderPath`. This might produce more alerts, if the `local` threat model is enabled.

csharp/ql/lib/ext/System.Configuration.model.yml

@@ -15,3 +15,8 @@ extensions:
       - ["System.Configuration", "SettingElementCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Configuration", "SettingsPropertyCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
       - ["System.Configuration", "SettingsPropertyValueCollection", False, "Clear", "()", "", "Argument[this].WithoutElement", "Argument[this]", "value", "manual"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: neutralModel
+    data:
+      - ["System.Configuration", "ApplicationSettingsBase", "GetPreviousVersion", "(System.String)", "source", "manual"]