Merge pull request #7342 from michaelnebel/csharp-mad-as-csv3

C#: More Flow summaries in CSV format.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -93,6 +93,10 @@ private module Frameworks {
   private import semmle.code.csharp.frameworks.Sql
   private import semmle.code.csharp.frameworks.EntityFramework
   private import semmle.code.csharp.frameworks.system.Text
+  private import semmle.code.csharp.frameworks.system.Net
+  private import semmle.code.csharp.frameworks.system.Web
+  private import semmle.code.csharp.frameworks.system.collections.Generic
+  private import semmle.code.csharp.frameworks.system.web.ui.WebControls
 }
 
 /**

csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll

@@ -1330,106 +1330,6 @@ class IDictionaryFlow extends LibraryTypeDataFlow, RefType {
   }
 }
 
-/** Data flow for `System.Web.HttpCookie`. */
-class SystemWebHttpCookieFlow extends LibraryTypeDataFlow, SystemWebHttpCookie {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    exists(Property p |
-      this.propertyFlow(p) and
-      source = TCallableFlowSourceQualifier() and
-      sink = TCallableFlowSinkReturn() and
-      c = p.getGetter()
-    ) and
-    preservesValue = false
-  }
-
-  private predicate propertyFlow(Property p) {
-    p = this.getValueProperty() or
-    p = this.getValuesProperty()
-  }
-}
-
-/** Data flow for `System.Net.Cookie`. */
-class SystemNetCookieFlow extends LibraryTypeDataFlow, SystemNetCookieClass {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    exists(Property p |
-      this.propertyFlow(p) and
-      source = TCallableFlowSourceQualifier() and
-      sink = TCallableFlowSinkReturn() and
-      c = p.getGetter()
-    ) and
-    preservesValue = false
-  }
-
-  private predicate propertyFlow(Property p) { p = this.getValueProperty() }
-}
-
-/** Data flow for `System.Net.IPHostEntry`. */
-class SystemNetIPHostEntryFlow extends LibraryTypeDataFlow, SystemNetIPHostEntryClass {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    exists(Property p |
-      this.propertyFlow(p) and
-      source = TCallableFlowSourceQualifier() and
-      sink = TCallableFlowSinkReturn() and
-      c = p.getGetter()
-    ) and
-    preservesValue = false
-  }
-
-  private predicate propertyFlow(Property p) {
-    p = this.getHostNameProperty() or
-    p = this.getAliasesProperty()
-  }
-}
-
-/** Data flow for `System.Web.UI.WebControls.TextBox`. */
-class SystemWebUIWebControlsTextBoxFlow extends LibraryTypeDataFlow,
-  SystemWebUIWebControlsTextBoxClass {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    exists(Property p |
-      this.propertyFlow(p) and
-      source = TCallableFlowSourceQualifier() and
-      sink = TCallableFlowSinkReturn() and
-      c = p.getGetter()
-    ) and
-    preservesValue = false
-  }
-
-  private predicate propertyFlow(Property p) { p = this.getTextProperty() }
-}
-
-/** Data flow for `System.Collections.Generic.KeyValuePair`. */
-class SystemCollectionsGenericKeyValuePairStructFlow extends LibraryTypeDataFlow,
-  SystemCollectionsGenericKeyValuePairStruct {
-  override predicate callableFlow(
-    CallableFlowSource source, AccessPath sourceAp, CallableFlowSink sink, AccessPath sinkAp,
-    SourceDeclarationCallable c, boolean preservesValue
-  ) {
-    preservesValue = true and
-    exists(int i |
-      c.(Constructor).getDeclaringType() = this and
-      source = TCallableFlowSourceArg(i) and
-      sourceAp = AccessPath::empty() and
-      sink = TCallableFlowSinkReturn()
-    |
-      i = 0 and sinkAp = AccessPath::property(this.getKeyProperty())
-      or
-      i = 1 and sinkAp = AccessPath::property(this.getValueProperty())
-    )
-  }
-}
-
 /** Data flow for `System.[Value]Tuple<,...,>`. */
 class SystemTupleFlow extends LibraryTypeDataFlow, ValueOrRefType {
   SystemTupleFlow() {
@@ -2065,56 +1965,6 @@ class SystemIOPathFlow extends LibraryTypeDataFlow, SystemIOPathClass {
   }
 }
 
-/** Data flow for `System.Web.HttpUtility`. */
-class SystemWebHttpUtilityFlow extends LibraryTypeDataFlow, SystemWebHttpUtility {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    (
-      c = this.getAnHtmlAttributeEncodeMethod() or
-      c = this.getAnHtmlEncodeMethod() or
-      c = this.getAJavaScriptStringEncodeMethod() or
-      c = this.getAnUrlEncodeMethod()
-    ) and
-    source = TCallableFlowSourceArg(0) and
-    sink = TCallableFlowSinkReturn() and
-    preservesValue = false
-  }
-}
-
-/** Data flow for `System.Web.HttpServerUtility`. */
-class SystemWebHttpServerUtilityFlow extends LibraryTypeDataFlow, SystemWebHttpServerUtility {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    (
-      c = this.getAnHtmlEncodeMethod() or
-      c = this.getAnUrlEncodeMethod()
-    ) and
-    source = TCallableFlowSourceArg(0) and
-    sink = TCallableFlowSinkReturn() and
-    preservesValue = false
-  }
-}
-
-/** Data flow for `System.Net.WebUtility`. */
-class SystemNetWebUtilityFlow extends LibraryTypeDataFlow, SystemNetWebUtility {
-  override predicate callableFlow(
-    CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
-    boolean preservesValue
-  ) {
-    (
-      c = this.getAnHtmlEncodeMethod() or
-      c = this.getAnUrlEncodeMethod()
-    ) and
-    source = TCallableFlowSourceArg(0) and
-    sink = TCallableFlowSinkReturn() and
-    preservesValue = false
-  }
-}
-
 /**
  * Custom flow through `StringValues` library class.
  */

csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll

@@ -2,6 +2,7 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Net` namespace. */
 class SystemNetNamespace extends Namespace {
@@ -27,6 +28,18 @@ class SystemNetWebUtility extends SystemNetClass {
   Method getAnUrlEncodeMethod() { result = this.getAMethod("UrlEncode") }
 }
 
+/** Data flow for `System.Net.WebUtility`. */
+private class SystemNetWebUtilityFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Net;WebUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint",
+        "System.Net;WebUtility;false;HtmlEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint",
+        "System.Net;WebUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint"
+      ]
+  }
+}
+
 /** The `System.Net.HttpListenerResponse` class. */
 class SystemNetHttpListenerResponseClass extends SystemNetClass {
   SystemNetHttpListenerResponseClass() { this.hasName("HttpListenerResponse") }
@@ -59,10 +72,28 @@ class SystemNetIPHostEntryClass extends SystemNetClass {
   Property getAliasesProperty() { result = this.getProperty("Aliases") }
 }
 
+/** Data flow for `System.Net.IPHostEntry`. */
+private class SystemNetIPHostEntryClassFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Net;IPHostEntry;false;get_Aliases;();;Argument[-1];ReturnValue;taint",
+        "System.Net;IPHostEntry;false;get_HostName;();;Argument[-1];ReturnValue;taint"
+      ]
+  }
+}
+
 /** The `System.Net.Cookie` class. */
 class SystemNetCookieClass extends SystemNetClass {
   SystemNetCookieClass() { this.hasName("Cookie") }
 
   /** Gets the `Value` property. */
   Property getValueProperty() { result = this.getProperty("Value") }
 }
+
+/** Data flow for `System.Net.Cookie`. */
+private class SystemNetCookieClassFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = "System.Net;Cookie;false;get_Value;();;Argument[-1];ReturnValue;taint"
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Web.qll

@@ -3,6 +3,7 @@
 import csharp
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.collections.Specialized
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Web` namespace. */
 class SystemWebNamespace extends Namespace {
@@ -174,6 +175,17 @@ class SystemWebHttpServerUtility extends SystemWebClass {
   Method getAnUrlEncodeMethod() { result = this.getAMethod("UrlEncode") }
 }
 
+/** Data flow for `System.Web.HttpServerUtility`. */
+private class SystemWebHttpServerUtilityFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Web;HttpServerUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpServerUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint"
+      ]
+  }
+}
+
 /** The `System.Web.HttpUtility` class. */
 class SystemWebHttpUtility extends SystemWebClass {
   SystemWebHttpUtility() { this.hasName("HttpUtility") }
@@ -191,6 +203,26 @@ class SystemWebHttpUtility extends SystemWebClass {
   Method getAnUrlEncodeMethod() { result = this.getAMethod("UrlEncode") }
 }
 
+/** Data flow for `System.Web.HttpUtility`. */
+private class SystemWebHttpUtilityFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;HtmlEncode;(System.Object);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;HtmlEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;JavaScriptStringEncode;(System.String);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;JavaScriptStringEncode;(System.String,System.Boolean);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;UrlEncode;(System.Byte[]);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;UrlEncode;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint",
+        "System.Web;HttpUtility;false;UrlEncode;(System.String,System.Text.Encoding);;Argument[0];ReturnValue;taint"
+      ]
+  }
+}
+
 /** The `System.Web.HttpCookie` class. */
 class SystemWebHttpCookie extends SystemWebClass {
   SystemWebHttpCookie() { this.hasName("HttpCookie") }
@@ -205,6 +237,17 @@ class SystemWebHttpCookie extends SystemWebClass {
   Property getSecureProperty() { result = this.getProperty("Secure") }
 }
 
+/** Data flow for `System.Web.HttpCookie`. */
+private class SystemWebHttpCookieFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Web;HttpCookie;false;get_Value;();;Argument[-1];ReturnValue;taint",
+        "System.Web;HttpCookie;false;get_Values;();;Argument[-1];ReturnValue;taint"
+      ]
+  }
+}
+
 /** The `System.Web.IHtmlString` class. */
 class SystemWebIHtmlString extends SystemWebInterface {
   SystemWebIHtmlString() { this.hasName("IHtmlString") }

csharp/ql/lib/semmle/code/csharp/frameworks/system/collections/Generic.qll

@@ -2,6 +2,7 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.Collections
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Collections.Generic` namespace. */
 class SystemCollectionsGenericNamespace extends Namespace {
@@ -123,6 +124,17 @@ class SystemCollectionsGenericKeyValuePairStruct extends SystemCollectionsGeneri
   }
 }
 
+/** Data flow for `System.Collections.Generic.KeyValuePair`. */
+private class SystemCollectionsGenericKeyValuePairStructFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[0];Property[System.Collections.Generic.KeyValuePair<,>.Key] of ReturnValue;value",
+        "System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[1];Property[System.Collections.Generic.KeyValuePair<,>.Value] of ReturnValue;value"
+      ]
+  }
+}
+
 /** The `System.Collections.Generic.ICollection<>` interface. */
 class SystemCollectionsGenericICollectionInterface extends SystemCollectionsGenericUnboundGenericInterface {
   SystemCollectionsGenericICollectionInterface() { this.hasName("ICollection<>") }

csharp/ql/lib/semmle/code/csharp/frameworks/system/web/ui/WebControls.qll

@@ -2,6 +2,7 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.system.web.UI
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.Web.UI.WebControls` namespace. */
 class SystemWebUIWebControlsNamespace extends Namespace {
@@ -28,6 +29,13 @@ class SystemWebUIWebControlsTextBoxClass extends SystemWebUIWebControlsClass {
   }
 }
 
+/** Data flow for `System.Web.UI.WebControls.TextBox`. */
+private class SystebWebUIWebControlsTextBoxClassFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row = "System.Web.UI.WebControls;TextBox;false;get_Text;();;Argument[-1];ReturnValue;taint"
+  }
+}
+
 /** The `System.Web.UI.WebControls.Label` class. */
 class SystemWebUIWebControlsLabelClass extends SystemWebUIWebControlsClass {
   SystemWebUIWebControlsLabelClass() { this.hasName("Label") }

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

@@ -225,8 +225,6 @@
 | System.Collections.Generic;IList<>;true;get_Item;(System.Int32);;Element of Argument[-1];ReturnValue;value |
 | System.Collections.Generic;IList<>;true;set_Item;(System.Int32,T);;Argument[1];Element of Argument[-1];value |
 | System.Collections.Generic;ISet<>;true;Add;(T);;Argument[0];Element of Argument[-1];value |
-| System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;();;Argument[0];Property[System.Collections.Generic.KeyValuePair<,>.Key] of ReturnValue;value |
-| System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;();;Argument[1];Property[System.Collections.Generic.KeyValuePair<,>.Value] of ReturnValue;value |
 | System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[0];Property[System.Collections.Generic.KeyValuePair<,>.Key] of ReturnValue;value |
 | System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[1];Property[System.Collections.Generic.KeyValuePair<,>.Value] of ReturnValue;value |
 | System.Collections.Generic;LinkedList<>;false;Add;(T);;Argument[0];Element of Argument[-1];value |
@@ -2220,6 +2218,7 @@
 | System.Web.UI.WebControls;TextBox;false;get_Text;();;Argument[-1];ReturnValue;taint |
 | System.Web;HttpCookie;false;get_Value;();;Argument[-1];ReturnValue;taint |
 | System.Web;HttpCookie;false;get_Values;();;Argument[-1];ReturnValue;taint |
+| System.Web;HttpServerUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint |
 | System.Web;HttpServerUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint |
 | System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String);;Argument[0];ReturnValue;taint |
 | System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint |

csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected

@@ -190,8 +190,6 @@
 | System.Collections.Generic;IDictionary<,>;true;set_Item;(TKey,TValue);;Argument[1];Property[System.Collections.Generic.KeyValuePair<,>.Value] of Element of Argument[-1];value |
 | System.Collections.Generic;IList<>;true;get_Item;(System.Int32);;Element of Argument[-1];ReturnValue;value |
 | System.Collections.Generic;IList<>;true;set_Item;(System.Int32,T);;Argument[1];Element of Argument[-1];value |
-| System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;();;Argument[0];Property[System.Collections.Generic.KeyValuePair<,>.Key] of ReturnValue;value |
-| System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;();;Argument[1];Property[System.Collections.Generic.KeyValuePair<,>.Value] of ReturnValue;value |
 | System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[0];Property[System.Collections.Generic.KeyValuePair<,>.Key] of ReturnValue;value |
 | System.Collections.Generic;KeyValuePair<,>;false;KeyValuePair;(TKey,TValue);;Argument[1];Property[System.Collections.Generic.KeyValuePair<,>.Value] of ReturnValue;value |
 | System.Collections.Generic;LinkedList<>;false;Add;(T);;Argument[0];Element of Argument[-1];value |
@@ -1905,6 +1903,7 @@
 | System.Web.UI.WebControls;TextBox;false;get_Text;();;Argument[-1];ReturnValue;taint |
 | System.Web;HttpCookie;false;get_Value;();;Argument[-1];ReturnValue;taint |
 | System.Web;HttpCookie;false;get_Values;();;Argument[-1];ReturnValue;taint |
+| System.Web;HttpServerUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint |
 | System.Web;HttpServerUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint |
 | System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String);;Argument[0];ReturnValue;taint |
 | System.Web;HttpUtility;false;HtmlAttributeEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint |

csharp/ql/test/resources/stubs/System.Web.cs

@@ -42,6 +42,7 @@ public class HttpServerUtility
     {
         public void Transfer(string path) { }
         public string UrlEncode(string s) => null;
+        public string HtmlEncode(string s) => null;
     }
 
     public class HttpApplication : IHttpHandler