C#: Convert Newtonsoft.JSon.Linq.JObject and Newtonsoft.JSon.Linq.JToken flow to CSV format.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll

@@ -21,7 +21,6 @@ private import semmle.code.csharp.dataflow.internal.DataFlowPublic
 private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
 // import `LibraryTypeDataFlow` definitions from other files to avoid potential reevaluation
 private import semmle.code.csharp.frameworks.EntityFramework
-private import semmle.code.csharp.frameworks.JsonNET
 private import FlowSummary
 
 private newtype TAccessPath =

csharp/ql/lib/semmle/code/csharp/frameworks/JsonNET.qll

@@ -3,7 +3,6 @@
  */
 
 import csharp
-private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
 private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** Definitions relating to the `Json.NET` package. */
@@ -224,46 +223,39 @@ module JsonNET {
     LinqClass() { this.getDeclaringNamespace() instanceof LinqNamespace }
   }
 
+  /** Data flow for `Newtonsoft.Json.Linq.JToken`. */
+  private class JTokenClassFlowModelCsv extends SummaryModelCsv {
+    override predicate row(string row) {
+      row =
+        [
+          "Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String);;Argument[-1];ReturnValue;taint",
+          "Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String,Newtonsoft.Json.Linq.JsonSelectSettings);;Argument[-1];ReturnValue;taint",
+          "Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String,System.Boolean);;Argument[-1];ReturnValue;taint",
+          "Newtonsoft.Json.Linq;JToken;false;ToString;();;Argument[-1];ReturnValue;taint",
+          "Newtonsoft.Json.Linq;JToken;false;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);;Argument[-1];ReturnValue;taint",
+        ]
+    }
+  }
+
   /** The `NewtonSoft.Json.Linq.JObject` class. */
-  class JObjectClass extends LinqClass, LibraryTypeDataFlow {
+  class JObjectClass extends LinqClass {
     JObjectClass() { this.hasName("JObject") }
 
-    override predicate callableFlow(
-      CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-      boolean preservesValue
-    ) {
-      // ToString method
-      c = this.getBaseClass().getBaseClass().getAMethod("ToString") and
-      source instanceof CallableFlowSourceQualifier and
-      sink instanceof CallableFlowSinkReturn and
-      preservesValue = false
-      or
-      // Parse method
-      c = this.getParseMethod() and
-      source = any(CallableFlowSourceArg arg | arg.getArgumentIndex() = 0) and
-      sink instanceof CallableFlowSinkReturn and
-      preservesValue = false
-      or
-      // operator string
-      c =
-        any(Operator op |
-          op.getDeclaringType() = this.getABaseType*() and op.getReturnType() instanceof StringType
-        ) and
-      source.(CallableFlowSourceArg).getArgumentIndex() = 0 and
-      sink instanceof CallableFlowSinkReturn and
-      preservesValue = false
-      or
-      // SelectToken method
-      c = this.getSelectTokenMethod() and
-      source instanceof CallableFlowSourceQualifier and
-      sink instanceof CallableFlowSinkReturn and
-      preservesValue = false
-    }
-
     /** Gets the `Parse` method. */
     Method getParseMethod() { result = this.getAMethod("Parse") }
 
     /** Gets the `SelectToken` method. */
     Method getSelectTokenMethod() { result = this.getABaseType*().getAMethod("SelectToken") }
   }
+
+  /** Data flow for `NewtonSoft.Json.Linq.JObject`. */
+  private class JObjectClassFlowModelCsv extends SummaryModelCsv {
+    override predicate row(string row) {
+      row =
+        [
+          "Newtonsoft.Json.Linq;JObject;false;Parse;(System.String);;Argument[0];ReturnValue;taint",
+          "Newtonsoft.Json.Linq;JObject;false;Parse;(System.String,Newtonsoft.Json.Linq.JsonLoadSettings);;Argument[0];ReturnValue;taint"
+        ]
+    }
+  }
 }

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

@@ -58,7 +58,6 @@
 | Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String,System.Boolean);;Argument[-1];ReturnValue;taint |
 | Newtonsoft.Json.Linq;JToken;false;ToString;();;Argument[-1];ReturnValue;taint |
 | Newtonsoft.Json.Linq;JToken;false;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);;Argument[-1];ReturnValue;taint |
-| Newtonsoft.Json.Linq;JToken;false;explicit conversion;(Newtonsoft.Json.Linq.JToken);;Argument[0];ReturnValue;taint |
 | Newtonsoft.Json;JsonConvert;false;DeserializeAnonymousType<>;(System.String,T);;Argument[0];ReturnValue;taint |
 | Newtonsoft.Json;JsonConvert;false;DeserializeAnonymousType<>;(System.String,T,Newtonsoft.Json.JsonSerializerSettings);;Argument[0];ReturnValue;taint |
 | Newtonsoft.Json;JsonConvert;false;DeserializeObject;(System.String);;Argument[0];ReturnValue;taint |

csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected

@@ -51,7 +51,6 @@
 | Newtonsoft.Json.Linq;JToken;false;SelectToken;(System.String,System.Boolean);;Argument[-1];ReturnValue;taint |
 | Newtonsoft.Json.Linq;JToken;false;ToString;();;Argument[-1];ReturnValue;taint |
 | Newtonsoft.Json.Linq;JToken;false;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);;Argument[-1];ReturnValue;taint |
-| Newtonsoft.Json.Linq;JToken;false;explicit conversion;(Newtonsoft.Json.Linq.JToken);;Argument[0];ReturnValue;taint |
 | Newtonsoft.Json;JsonConvert;false;DeserializeAnonymousType<>;(System.String,T);;Argument[0];ReturnValue;taint |
 | Newtonsoft.Json;JsonConvert;false;DeserializeAnonymousType<>;(System.String,T,Newtonsoft.Json.JsonSerializerSettings);;Argument[0];ReturnValue;taint |
 | Newtonsoft.Json;JsonConvert;false;DeserializeObject;(System.String);;Argument[0];ReturnValue;taint |