Fix review findings

tamasvajk · tamasvajk · commit 0946ae2ae934 · 2021-06-30T11:39:51.000+02:00
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll b/csharp/ql/src/semmle/code/csharp/dataflow/ExternalFlow.qll
@@ -86,7 +86,7 @@ private import internal.FlowSummaryImplSpecific
 private module Frameworks {
   private import semmle.code.csharp.security.dataflow.flowsources.Local
   private import semmle.code.csharp.security.dataflow.flowsinks.Html
-  private import semmle.code.csharp.dataflow.LibraryTypeDataFlow
+  private import semmle.code.csharp.frameworks.System
   private import semmle.code.csharp.security.dataflow.XSS
 }
 
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll b/csharp/ql/src/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll
@@ -23,7 +23,6 @@ private import semmle.code.csharp.dataflow.internal.DelegateDataFlow
 private import semmle.code.csharp.frameworks.EntityFramework
 private import semmle.code.csharp.frameworks.JsonNET
 private import FlowSummary
-private import semmle.code.csharp.dataflow.ExternalFlow
 
 private newtype TAccessPath =
   TNilAccessPath() or
@@ -500,21 +499,6 @@ private module FrameworkDataFlowAdaptor {
   }
 }
 
-/** Data flow for `System.Int32`. */
-private class SystemInt32FlowModelCsv extends SummaryModelCsv {
-  override predicate row(string row) {
-    row =
-      [
-        "System;Int32;false;Parse;;;Argument[0];ReturnValue;taint",
-        "System;Int32;false;TryParse;;;Argument[0];ReturnValue;taint",
-        "System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];Argument[1];taint",
-        "System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Element of Argument[0];Argument[1];taint",
-        "System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];Argument[3];taint",
-        "System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Element of Argument[0];Argument[3];taint"
-      ]
-  }
-}
-
 /** Data flow for `System.Boolean`. */
 class SystemBooleanFlow extends LibraryTypeDataFlow, SystemBooleanStruct {
   override predicate callableFlow(
diff --git a/csharp/ql/src/semmle/code/csharp/frameworks/System.qll b/csharp/ql/src/semmle/code/csharp/frameworks/System.qll
@@ -2,6 +2,7 @@
 
 import csharp
 private import system.Reflection
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System` namespace. */
 class SystemNamespace extends Namespace {
@@ -200,6 +201,28 @@ class SystemInt32Struct extends IntType {
   }
 }
 
+/** Data flow for `System.Int32`. */
+private class SystemInt32FlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System;Int32;false;Parse;(System.String);;Argument[0];ReturnValue;taint",
+        "System;Int32;false;Parse;(System.String,System.IFormatProvider);;Argument[0];ReturnValue;taint",
+        "System;Int32;false;Parse;(System.String,System.Globalization.NumberStyles);;Argument[0];ReturnValue;taint",
+        "System;Int32;false;Parse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider);;Argument[0];ReturnValue;taint",
+        "System;Int32;false;Parse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider);;Element of Argument[0];ReturnValue;taint",
+        "System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];ReturnValue;taint",
+        "System;Int32;false;TryParse;(System.String,System.Int32);;Argument[0];Argument[1];taint",
+        "System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Element of Argument[0];ReturnValue;taint",
+        "System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Int32);;Element of Argument[0];Argument[1];taint",
+        "System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];ReturnValue;taint",
+        "System;Int32;false;TryParse;(System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Argument[0];Argument[3];taint",
+        "System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Element of Argument[0];ReturnValue;taint",
+        "System;Int32;false;TryParse;(System.ReadOnlySpan<System.Char>,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32);;Element of Argument[0];Argument[3];taint"
+      ]
+  }
+}
+
 /** The `System.InvalidCastException` class. */
 class SystemInvalidCastExceptionClass extends SystemClass {
   SystemInvalidCastExceptionClass() { this.hasName("InvalidCastException") }
diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -1217,15 +1217,15 @@
 | System.IO.UnmanagedMemoryStreamWrapper.ToArray() | argument -1 -> return (normal) | false |
 | System.IO.UnmanagedMemoryStreamWrapper.Write(Byte[], int, int) | argument 0 -> argument -1 | false |
 | System.IO.UnmanagedMemoryStreamWrapper.WriteAsync(Byte[], int, int, CancellationToken) | argument 0 -> argument -1 | false |
-| System.Int32.Parse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider) | argument 0 -> return (normal) | false |
+| System.Int32.Parse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider) | element of argument 0 -> return (normal) | false |
 | System.Int32.Parse(string) | argument 0 -> return (normal) | false |
 | System.Int32.Parse(string, IFormatProvider) | argument 0 -> return (normal) | false |
 | System.Int32.Parse(string, NumberStyles) | argument 0 -> return (normal) | false |
 | System.Int32.Parse(string, NumberStyles, IFormatProvider) | argument 0 -> return (normal) | false |
-| System.Int32.TryParse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider, out int) | argument 0 -> return (normal) | false |
 | System.Int32.TryParse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider, out int) | element of argument 0 -> argument 3 | false |
-| System.Int32.TryParse(ReadOnlySpan<Char>, out int) | argument 0 -> return (normal) | false |
+| System.Int32.TryParse(ReadOnlySpan<Char>, NumberStyles, IFormatProvider, out int) | element of argument 0 -> return (normal) | false |
 | System.Int32.TryParse(ReadOnlySpan<Char>, out int) | element of argument 0 -> argument 1 | false |
+| System.Int32.TryParse(ReadOnlySpan<Char>, out int) | element of argument 0 -> return (normal) | false |
 | System.Int32.TryParse(string, NumberStyles, IFormatProvider, out int) | argument 0 -> argument 3 | false |
 | System.Int32.TryParse(string, NumberStyles, IFormatProvider, out int) | argument 0 -> return (normal) | false |
 | System.Int32.TryParse(string, out int) | argument 0 -> argument 1 | false |

Original file line number	Diff line number	Diff line change
`@@ -86,7 +86,7 @@ private import internal.FlowSummaryImplSpecific`
`86`	`86`	`private module Frameworks {`
`87`	`87`	`private import semmle.code.csharp.security.dataflow.flowsources.Local`
`88`	`88`	`private import semmle.code.csharp.security.dataflow.flowsinks.Html`
`89`		`- private import semmle.code.csharp.dataflow.LibraryTypeDataFlow`
	`89`	`+ private import semmle.code.csharp.frameworks.System`
`90`	`90`	`private import semmle.code.csharp.security.dataflow.XSS`
`91`	`91`	`}`
`92`	`92`