Skip to content

Commit 4a87d5f

Browse files
d10cd10c
committed
C#: UnsafeDeserialization
1 parent 7d9e3fc commit 4a87d5f

File tree

1 file changed

+6
-54
lines changed

1 file changed

+6
-54
lines changed

csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll

Lines changed: 6 additions & 54 deletions
Original file line numberDiff line numberDiff line change
@@ -61,15 +61,7 @@ private module TaintToObjectMethodTrackingConfig implements DataFlow::ConfigSig
6161
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
6262

6363
predicate observeDiffInformedIncrementalMode() {
64-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 33 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 33 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
65-
}
66-
67-
Location getASelectedSourceLocation(DataFlow::Node source) {
68-
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 33 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 33 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
69-
}
70-
71-
Location getASelectedSinkLocation(DataFlow::Node sink) {
72-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 33 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 33 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
64+
any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql
7365
}
7466
}
7567

@@ -91,15 +83,7 @@ private module JsonConvertTrackingConfig implements DataFlow::ConfigSig {
9183
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
9284

9385
predicate observeDiffInformedIncrementalMode() {
94-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 55 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 55 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
95-
}
96-
97-
Location getASelectedSourceLocation(DataFlow::Node source) {
98-
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 55 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 55 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
99-
}
100-
101-
Location getASelectedSinkLocation(DataFlow::Node sink) {
102-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 55 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 55 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
86+
any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql
10387
}
10488
}
10589

@@ -159,15 +143,7 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig {
159143
}
160144

161145
predicate observeDiffInformedIncrementalMode() {
162-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 56 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 56 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
163-
}
164-
165-
Location getASelectedSourceLocation(DataFlow::Node source) {
166-
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 56 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 56 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
167-
}
168-
169-
Location getASelectedSinkLocation(DataFlow::Node sink) {
170-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 56 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 56 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
146+
none() // Only used as secondary config in UnsafeDeserializationUntrustedInput.ql
171147
}
172148
}
173149

@@ -187,15 +163,7 @@ private module TaintToConstructorOrStaticMethodTrackingConfig implements DataFlo
187163
predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
188164

189165
predicate observeDiffInformedIncrementalMode() {
190-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 50 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 50 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
191-
}
192-
193-
Location getASelectedSourceLocation(DataFlow::Node source) {
194-
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 50 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 50 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
195-
}
196-
197-
Location getASelectedSinkLocation(DataFlow::Node sink) {
198-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 50 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 50 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
166+
any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql
199167
}
200168
}
201169

@@ -236,15 +204,7 @@ private module TaintToObjectTypeTrackingConfig implements DataFlow::ConfigSig {
236204
}
237205

238206
predicate observeDiffInformedIncrementalMode() {
239-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 43 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 43 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
240-
}
241-
242-
Location getASelectedSourceLocation(DataFlow::Node source) {
243-
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 43 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 43 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
244-
}
245-
246-
Location getASelectedSinkLocation(DataFlow::Node sink) {
247-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 43 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 43 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
207+
none() // only used as secondary config in UnsafeDeserializationUntrustedInput.ql
248208
}
249209
}
250210

@@ -272,15 +232,7 @@ private module WeakTypeCreationToUsageTrackingConfig implements DataFlow::Config
272232
}
273233

274234
predicate observeDiffInformedIncrementalMode() {
275-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 37 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 37 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
276-
}
277-
278-
Location getASelectedSourceLocation(DataFlow::Node source) {
279-
none() // TODO: Make sure that this source location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 37 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 37 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
280-
}
281-
282-
Location getASelectedSinkLocation(DataFlow::Node sink) {
283-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 1 does not select a source or sink originating from the flow call on line 37 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@59:8:59:25), Column 5 does not select a source or sink originating from the flow call on line 37 (/Users/d10c/src/semmle-code/ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql@60:3:60:11)
235+
none() // only used as secondary config in UnsafeDeserializationUntrustedInput.ql
284236
}
285237
}
286238

0 commit comments

Comments
 (0)