Convert existing mapped-property classes to directly extend DatabaseInputSource

egregius313 · egregius313 · commit 0ff12c07c768 · 2024-01-22T11:09:51.000-05:00
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
@@ -12,6 +12,7 @@ private import semmle.code.csharp.frameworks.Sql
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Public
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private
 private import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate
+private import semmle.code.csharp.security.dataflow.flowsources.Stored as Stored
 
 /**
  * Definitions relating to the `System.ComponentModel.DataAnnotations`
@@ -44,7 +45,7 @@ module EntityFramework {
   }
 
   /** A taint source where the data has come from a mapped property stored in the database. */
-  class StoredFlowSource extends DataFlow::Node {
+  class StoredFlowSource extends Stored::DatabaseInputSource {
     StoredFlowSource() {
       this.asExpr() = any(PropertyRead read | read.getTarget() instanceof MappedProperty)
     }
diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/NHibernate.qll
@@ -6,6 +6,7 @@ import csharp
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.Collections
 private import semmle.code.csharp.frameworks.Sql
+private import semmle.code.csharp.security.dataflow.flowsources.Stored as Stored
 
 /** Definitions relating to the `NHibernate` package. */
 module NHibernate {
@@ -86,7 +87,7 @@ module NHibernate {
   }
 
   /** A taint source where the data has come from a mapped property stored in the database. */
-  class StoredFlowSource extends DataFlow::Node {
+  class StoredFlowSource extends Stored::DatabaseInputSource {
     StoredFlowSource() {
       this.asExpr() = any(PropertyRead read | read.getTarget() instanceof MappedProperty)
     }
diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsources/Stored.qll
@@ -60,7 +60,7 @@ class DbDataReaderPropertyStoredFlowSource extends DatabaseInputSource {
 }
 
 /** A read of a mapped property. */
-class ORMMappedProperty extends DatabaseInputSource {
+deprecated class ORMMappedProperty extends DataFlow::Node {
   ORMMappedProperty() {
     this instanceof EntityFramework::StoredFlowSource or
     this instanceof NHibernate::StoredFlowSource

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@ private import semmle.code.csharp.frameworks.Sql`
`12`	`12`	`private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Public`
`13`	`13`	`private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private`
`14`	`14`	`private import semmle.code.csharp.dataflow.internal.DataFlowPrivate as DataFlowPrivate`
	`15`	`+private import semmle.code.csharp.security.dataflow.flowsources.Stored as Stored`
`15`	`16`
`16`	`17`	`/**`
`17`	`18`	* Definitions relating to the `System.ComponentModel.DataAnnotations`
`@@ -44,7 +45,7 @@ module EntityFramework {`
`44`	`45`	`}`
`45`	`46`
`46`	`47`	`/** A taint source where the data has come from a mapped property stored in the database. */`
`47`		`- class StoredFlowSource extends DataFlow::Node {`
	`48`	`+ class StoredFlowSource extends Stored::DatabaseInputSource {`
`48`	`49`	`StoredFlowSource() {`
`49`	`50`	`this.asExpr() = any(PropertyRead read \| read.getTarget() instanceof MappedProperty)`
`50`	`51`	`}`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ import csharp`
`6`	`6`	`private import semmle.code.csharp.frameworks.System`
`7`	`7`	`private import semmle.code.csharp.frameworks.system.Collections`
`8`	`8`	`private import semmle.code.csharp.frameworks.Sql`
	`9`	`+private import semmle.code.csharp.security.dataflow.flowsources.Stored as Stored`
`9`	`10`
`10`	`11`	/** Definitions relating to the `NHibernate` package. */
`11`	`12`	`module NHibernate {`
`@@ -86,7 +87,7 @@ module NHibernate {`
`86`	`87`	`}`
`87`	`88`
`88`	`89`	`/** A taint source where the data has come from a mapped property stored in the database. */`
`89`		`- class StoredFlowSource extends DataFlow::Node {`
	`90`	`+ class StoredFlowSource extends Stored::DatabaseInputSource {`
`90`	`91`	`StoredFlowSource() {`
`91`	`92`	`this.asExpr() = any(PropertyRead read \| read.getTarget() instanceof MappedProperty)`
`92`	`93`	`}`
Original file line number	Diff line number	Diff line change
`@@ -60,7 +60,7 @@ class DbDataReaderPropertyStoredFlowSource extends DatabaseInputSource {`
`60`	`60`	`}`
`61`	`61`
`62`	`62`	`/** A read of a mapped property. */`
`63`		`-class ORMMappedProperty extends DatabaseInputSource {`
	`63`	`+deprecated class ORMMappedProperty extends DataFlow::Node {`
`64`	`64`	`ORMMappedProperty() {`
`65`	`65`	`this instanceof EntityFramework::StoredFlowSource or`
`66`	`66`	`this instanceof NHibernate::StoredFlowSource`