C#: Convert at least System.Collection.[Generic.]ICollection flow to CSV format.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -108,6 +108,7 @@ private module Frameworks {
   private import semmle.code.csharp.frameworks.system.IO
   private import semmle.code.csharp.frameworks.system.io.Compression
   private import semmle.code.csharp.frameworks.system.runtime.CompilerServices
+  private import semmle.code.csharp.frameworks.system.security.Cryptography
   private import semmle.code.csharp.frameworks.system.security.cryptography.X509Certificates
   private import semmle.code.csharp.frameworks.system.Text
   private import semmle.code.csharp.frameworks.system.text.RegularExpressions

csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll

@@ -575,55 +575,6 @@ class IEnumerableFlow extends LibraryTypeDataFlow, RefType {
   }
 }
 
-/** Data flow for `System.Collections.[Generic.]ICollection` (and sub types). */
-class ICollectionFlow extends LibraryTypeDataFlow, RefType {
-  ICollectionFlow() {
-    exists(Interface i | i = this.getABaseType*().getUnboundDeclaration() |
-      i instanceof SystemCollectionsICollectionInterface
-      or
-      i instanceof SystemCollectionsGenericICollectionInterface
-    )
-  }
-
-  override predicate callableFlow(
-    CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp,
-    SourceDeclarationCallable c, boolean preservesValue
-  ) {
-    preservesValue = true and
-    exists(string name, int arity |
-      name = c.getUndecoratedName() and
-      arity = c.getNumberOfParameters() and
-      c = this.getAMethod()
-    |
-      name = "CopyTo" and
-      arity = 2 and
-      source instanceof CallableFlowSourceQualifier and
-      sourceAp = AccessPath::element() and
-      sink = TCallableFlowSinkArg(0) and
-      sinkAp = AccessPath::element()
-      or
-      name.regexpMatch("AsReadOnly|Clone") and
-      source = TCallableFlowSourceArg(0) and
-      sourceAp = AccessPath::element() and
-      sink = TCallableFlowSinkReturn() and
-      sinkAp = AccessPath::element()
-      or
-      name.regexpMatch("Peek|Pop") and
-      source = TCallableFlowSourceQualifier() and
-      sourceAp = AccessPath::element() and
-      sink = TCallableFlowSinkReturn() and
-      sinkAp = AccessPath::empty()
-      or
-      name = "InsertRange" and
-      arity = 2 and
-      source = TCallableFlowSourceArg(1) and
-      sourceAp = AccessPath::element() and
-      sink = TCallableFlowSinkQualifier() and
-      sinkAp = AccessPath::element()
-    )
-  }
-}
-
 abstract private class SyntheticTaskField extends SyntheticField {
   bindingset[this]
   SyntheticTaskField() { any() }

csharp/ql/lib/semmle/code/csharp/frameworks/System.qll

@@ -65,6 +65,28 @@ class SystemArrayClass extends SystemClass {
   Property getLengthProperty() { result = this.getProperty("Length") }
 }
 
+/** Data flow for `System.Array`. */
+private class SystemArrayFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System;Array;false;AsReadOnly<>;(T[]);;Element of Argument[0];Element of ReturnValue;value",
+        "System;Array;false;Clone;();;Element of Argument[0];Element of ReturnValue;value",
+        "System;Array;false;CopyTo;(System.Array,System.Int64);;Element of Argument[-1];Element of Argument[0];value",
+        "System;Array;false;Find<>;(T[],System.Predicate<T>);;Element of Argument[0];Parameter[0] of Argument[1];value",
+        "System;Array;false;Find<>;(T[],System.Predicate<T>);;Element of Argument[0];ReturnValue;value",
+        "System;Array;false;FindAll<>;(T[],System.Predicate<T>);;Element of Argument[0];Parameter[0] of Argument[1];value",
+        "System;Array;false;FindAll<>;(T[],System.Predicate<T>);;Element of Argument[0];ReturnValue;value",
+        "System;Array;false;FindLast<>;(T[],System.Predicate<T>);;Element of Argument[0];Parameter[0] of Argument[1];value",
+        "System;Array;false;FindLast<>;(T[],System.Predicate<T>);;Element of Argument[0];ReturnValue;value",
+        "System;Array;false;Reverse;(System.Array);;Element of Argument[0];Element of ReturnValue;value",
+        "System;Array;false;Reverse;(System.Array,System.Int32,System.Int32);;Element of Argument[0];Element of ReturnValue;value",
+        "System;Array;false;Reverse<>;(T[]);;Element of Argument[0];Element of ReturnValue;value",
+        "System;Array;false;Reverse<>;(T[],System.Int32,System.Int32);;Element of Argument[0];Element of ReturnValue;value",
+      ]
+  }
+}
+
 /** `System.Attribute` class. */
 class SystemAttributeClass extends SystemClass {
   SystemAttributeClass() { this.hasName("Attribute") }

csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll

@@ -62,6 +62,14 @@ class SystemCollectionsICollectionInterface extends SystemCollectionsInterface {
   SystemCollectionsICollectionInterface() { this.hasName("ICollection") }
 }
 
+/** Data flow for `System.Collections.ICollection`. */
+private class SystemCollectionsICollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Collections;ICollection;true;CopyTo;(System.Array,System.Int32);;Element of Argument[-1];Element of Argument[0];value"
+  }
+}
+
 /** The `System.Collections.IList` interface. */
 class SystemCollectionsIListInterface extends SystemCollectionsInterface {
   SystemCollectionsIListInterface() { this.hasName("IList") }
@@ -157,3 +165,34 @@ private class SystemCollectionsArrayListFlowModelCsv extends SummaryModelCsv {
       ]
   }
 }
+
+/** Data flow for `System.Collections.BitArray`. */
+private class SystemCollectionsBitArrayFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Collections;BitArray;false;Clone;();;Element of Argument[0];Element of ReturnValue;value"
+  }
+}
+
+/** Data flow for `System.Collections.Queue`. */
+private class SystemCollectionsQueueFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Collections;Queue;false;Clone;();;Element of Argument[0];Element of ReturnValue;value",
+        "System.Collections;Queue;false;Peek;();;Element of Argument[-1];ReturnValue;value",
+      ]
+  }
+}
+
+/** Data flow for `System.Collections.Stack`. */
+private class SystemCollectionsStackFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Collections;Stack;false;Clone;();;Element of Argument[0];Element of ReturnValue;value",
+        "System.Collections;Stack;false;Peek;();;Element of Argument[-1];ReturnValue;value",
+        "System.Collections;Stack;false;Pop;();;Element of Argument[-1];ReturnValue;value",
+      ]
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/ComponentModel.qll

@@ -56,3 +56,13 @@ private class SystemComponentModelListSortDescriptionCollectionFlowModelCsv exte
       ]
   }
 }
+
+/** Data flow for `System.ComponentModel.ComponentCollection`. */
+private class SystemComponentModelComponentCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.ComponentModel;ComponentCollection;false;CopyTo;(System.ComponentModel.IComponent[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+      ]
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll

@@ -142,3 +142,83 @@ private class SystemDataITableMappingCollectionFlowModelCsv extends SummaryModel
       ]
   }
 }
+
+/** Data flow for `System.Data.ConstraintCollection`. */
+private class SystemDataConstraintCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Data;ConstraintCollection;false;Add;(System.Data.Constraint);;Argument[0];Element of Argument[-1];value",
+        "System.Data;ConstraintCollection;false;AddRange;(System.Data.Constraint[]);;Element of Argument[0];Element of Argument[-1];value",
+        "System.Data;ConstraintCollection;false;CopyTo;(System.Data.Constraint[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+      ]
+  }
+}
+
+/** Data flow for `System.Data.DataColumnCollection`. */
+private class SystemDataDataColumnCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Data;DataColumnCollection;false;Add;(System.Data.DataColumn);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataColumnCollection;false;Add;(System.String);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataColumnCollection;false;AddRange;(System.Data.DataColumn[]);;Element of Argument[0];Element of Argument[-1];value",
+        "System.Data;DataColumnCollection;false;CopyTo;(System.Data.DataColumn[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+      ]
+  }
+}
+
+/** Data flow for `System.Data.DataRelationCollection`. */
+private class SystemDataDataRelationCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Data;DataRelationCollection;false;Add;(System.Data.DataRelation);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataRelationCollection;false;CopyTo;(System.Data.DataRelation[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+        "System.Data;DataRelationCollection;true;AddRange;(System.Data.DataRelation[]);;Element of Argument[0];Element of Argument[-1];value",
+      ]
+  }
+}
+
+/** Data flow for `System.Data.DataRawCollection`. */
+private class SystemDataDataRawCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Data;DataRowCollection;false;Add;(System.Data.DataRow);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataRowCollection;false;Add;(System.Object[]);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataRowCollection;false;CopyTo;(System.Data.DataRow[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+        "System.Data;DataRowCollection;false;Find;(System.Object);;Element of Argument[-1];ReturnValue;value",
+        "System.Data;DataRowCollection;false;Find;(System.Object[]);;Element of Argument[-1];ReturnValue;value",
+      ]
+  }
+}
+
+/** Data flow for `System.Data.DataTableCollection`. */
+private class SystemDataDataTableCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Data;DataTableCollection;false;Add;(System.Data.DataTable);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataTableCollection;false;Add;(System.String);;Argument[0];Element of Argument[-1];value",
+        "System.Data;DataTableCollection;false;AddRange;(System.Data.DataTable[]);;Element of Argument[0];Element of Argument[-1];value",
+        "System.Data;DataTableCollection;false;CopyTo;(System.Data.DataTable[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+      ]
+  }
+}
+
+/** Data flow for `System.Data.DataViewSettingCollection`. */
+private class SystemDataDataViewSettingCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Data;DataViewSettingCollection;false;CopyTo;(System.Data.DataViewSetting[],System.Int32);;Element of Argument[-1];Element of Argument[0];value"
+  }
+}
+
+/** Data flow for `System.Data.PropertyCollection`. */
+private class SystemDataPropertyCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Data;PropertyCollection;false;Clone;();;Element of Argument[0];Element of ReturnValue;value"
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Diagnostics.qll

@@ -111,3 +111,22 @@ private class SystemDiagnosticsTraceListenerCollectionFlowModelCsv extends Summa
       ]
   }
 }
+
+/** Data flow for `System.Diagnostics.ProcessModuleCollection`. */
+private class SystemDiagnosticsProcessModuleCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Diagnostics;ProcessModuleCollection;false;CopyTo;(System.Diagnostics.ProcessModule[],System.Int32);;Element of Argument[-1];Element of Argument[0];value"
+  }
+}
+
+/** Data flow for `System.Diagnostics.ProcessThreadCollection`. */
+private class SystemDiagnosticsProcessThreadCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Diagnostics;ProcessThreadCollection;false;Add;(System.Diagnostics.ProcessThread);;Argument[0];Element of Argument[-1];value",
+        "System.Diagnostics;ProcessThreadCollection;false;CopyTo;(System.Diagnostics.ProcessThread[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+      ]
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll

@@ -97,3 +97,11 @@ private class SystemNetCookieClassFlowModelCsv extends SummaryModelCsv {
     row = "System.Net;Cookie;false;get_Value;();;Argument[-1];ReturnValue;taint"
   }
 }
+
+/** Data flow for `System.Net.HttpListenerPrefixCollection`. */
+private class SystemNetHttpListenerPrefixCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Net;HttpListenerPrefixCollection;false;CopyTo;(System.Array,System.Int32);;Element of Argument[-1];Element of Argument[0];value"
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Xml.qll

@@ -277,3 +277,11 @@ class XmlReaderSettingsInstance extends Expr {
     )
   }
 }
+
+/** Data flow for `System.Xml.XmlAttributeCollection`. */
+private class SystemXmlXmlAttributeCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Xml;XmlAttributeCollection;false;CopyTo;(System.Xml.XmlAttribute[],System.Int32);;Element of Argument[-1];Element of Argument[0];value"
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Concurrent.qll

@@ -20,3 +20,22 @@ private class SystemCollectionsConcurrentConcurrentDictionaryFlowModelCsv extend
       ]
   }
 }
+
+/** Data flow for `System.Collections.Concurrent.BlockingCollection<>`. */
+private class SystemCollectionsConcurrentBlockingCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Collections.Concurrent;BlockingCollection<>;false;Add;(T);;Argument[0];Element of Argument[-1];value",
+        "System.Collections.Concurrent;BlockingCollection<>;false;CopyTo;(T[],System.Int32);;Element of Argument[-1];Element of Argument[0];value",
+      ]
+  }
+}
+
+/** Data flow for `System.Collections.Concurrent.IProducerConsumerCollection<>`. */
+private class SystemCollectionsConcurrentIProducerConsumerCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.Collections.Concurrent;IProducerConsumerCollection<>;true;CopyTo;(T[],System.Int32);;Element of Argument[-1];Element of Argument[0];value"
+  }
+}