C#: Convert data-flow test queries to path-problems

hvitved · tamasvajk · commit 80a7b52f385d · 2021-03-09T09:14:24.000+01:00
diff --git a/csharp/ql/test/library-tests/csharp7/GlobalFlow.expected b/csharp/ql/test/library-tests/csharp7/GlobalFlow.expected
@@ -1,6 +1,40 @@
-| CSharp7.cs:41:13:41:21 | "tainted" | CSharp7.cs:53:18:53:19 | access to local variable t1 |
-| CSharp7.cs:57:11:57:19 | "tainted" | CSharp7.cs:58:18:58:19 | access to local variable t4 |
-| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:18:92:28 | call to method I |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:183:21:183:26 | call to local function g |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:184:21:184:26 | call to local function h |
+edges
+| CSharp7.cs:41:9:41:21 | SSA def(x) : String | CSharp7.cs:51:22:51:23 | SSA def(t1) : String |
+| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:9:41:21 | SSA def(x) : String |
+| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | CSharp7.cs:53:18:53:19 | access to local variable t1 |
+| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:30:57:31 | SSA def(t4) : String |
+| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | CSharp7.cs:58:18:58:19 | access to local variable t4 |
+| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String |
+| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String |
+| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | CSharp7.cs:92:20:92:27 | access to field Item1 : String |
+| CSharp7.cs:92:20:92:27 | access to field Item1 : String | CSharp7.cs:92:18:92:28 | call to method I |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:23:183:25 | access to local variable src : String |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:23:184:25 | access to local variable src : String |
+| CSharp7.cs:183:23:183:25 | access to local variable src : String | CSharp7.cs:183:21:183:26 | call to local function g |
+| CSharp7.cs:184:23:184:25 | access to local variable src : String | CSharp7.cs:184:21:184:26 | call to local function h |
+nodes
+| CSharp7.cs:41:9:41:21 | SSA def(x) : String | semmle.label | SSA def(x) : String |
+| CSharp7.cs:41:13:41:21 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | semmle.label | SSA def(t1) : String |
+| CSharp7.cs:53:18:53:19 | access to local variable t1 | semmle.label | access to local variable t1 |
+| CSharp7.cs:57:11:57:19 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | semmle.label | SSA def(t4) : String |
+| CSharp7.cs:58:18:58:19 | access to local variable t4 | semmle.label | access to local variable t4 |
+| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
+| CSharp7.cs:89:19:89:27 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:92:18:92:28 | call to method I | semmle.label | call to method I |
+| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | semmle.label | access to local variable t1 [Item1] : String |
+| CSharp7.cs:92:20:92:27 | access to field Item1 : String | semmle.label | access to field Item1 : String |
+| CSharp7.cs:177:22:177:30 | "tainted" | semmle.label | "tainted" |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:183:21:183:26 | call to local function g | semmle.label | call to local function g |
+| CSharp7.cs:183:23:183:25 | access to local variable src : String | semmle.label | access to local variable src : String |
+| CSharp7.cs:184:21:184:26 | call to local function h | semmle.label | call to local function h |
+| CSharp7.cs:184:23:184:25 | access to local variable src : String | semmle.label | access to local variable src : String |
+#select
+| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:53:18:53:19 | access to local variable t1 | $@ | CSharp7.cs:53:18:53:19 | access to local variable t1 | access to local variable t1 |
+| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:58:18:58:19 | access to local variable t4 | $@ | CSharp7.cs:58:18:58:19 | access to local variable t4 | access to local variable t4 |
+| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:92:18:92:28 | call to method I | $@ | CSharp7.cs:92:18:92:28 | call to method I | call to method I |
+| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | $@ | CSharp7.cs:177:22:177:30 | "tainted" | "tainted" |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:21:183:26 | call to local function g | $@ | CSharp7.cs:183:21:183:26 | call to local function g | call to local function g |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:21:184:26 | call to local function h | $@ | CSharp7.cs:184:21:184:26 | call to local function h | call to local function h |
diff --git a/csharp/ql/test/library-tests/csharp7/GlobalFlow.ql b/csharp/ql/test/library-tests/csharp7/GlobalFlow.ql
@@ -1,4 +1,9 @@
+/**
+ * @kind path-problem
+ */
+
 import csharp
+import DataFlow::PathGraph
 
 class DataflowConfiguration extends DataFlow::Configuration {
   DataflowConfiguration() { this = "data flow configuration" }
@@ -12,6 +17,6 @@ class DataflowConfiguration extends DataFlow::Configuration {
   }
 }
 
-from DataflowConfiguration config, DataFlow::Node source, DataFlow::Node sink
-where config.hasFlow(source, sink)
-select source, sink
+from DataFlow::PathNode source, DataFlow::PathNode sink, DataflowConfiguration conf
+where conf.hasFlowPath(source, sink)
+select source, source, sink, "$@", sink, sink.toString()
diff --git a/csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.expected b/csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.expected
@@ -1,7 +1,45 @@
-| CSharp7.cs:41:13:41:21 | "tainted" | CSharp7.cs:53:18:53:19 | access to local variable t1 |
-| CSharp7.cs:57:11:57:19 | "tainted" | CSharp7.cs:58:18:58:19 | access to local variable t4 |
-| CSharp7.cs:89:19:89:27 | "tainted" | CSharp7.cs:92:18:92:28 | call to method I |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:182:21:182:26 | call to local function f |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:183:21:183:26 | call to local function g |
-| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:184:21:184:26 | call to local function h |
+edges
+| CSharp7.cs:41:9:41:21 | SSA def(x) : String | CSharp7.cs:51:22:51:23 | SSA def(t1) : String |
+| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:9:41:21 | SSA def(x) : String |
+| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | CSharp7.cs:53:18:53:19 | access to local variable t1 |
+| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:30:57:31 | SSA def(t4) : String |
+| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | CSharp7.cs:58:18:58:19 | access to local variable t4 |
+| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String |
+| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String |
+| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | CSharp7.cs:92:20:92:27 | access to field Item1 : String |
+| CSharp7.cs:92:20:92:27 | access to field Item1 : String | CSharp7.cs:92:18:92:28 | call to method I |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:182:23:182:25 | access to local variable src : String |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:23:183:25 | access to local variable src : String |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:23:184:25 | access to local variable src : String |
+| CSharp7.cs:182:23:182:25 | access to local variable src : String | CSharp7.cs:182:21:182:26 | call to local function f |
+| CSharp7.cs:183:23:183:25 | access to local variable src : String | CSharp7.cs:183:21:183:26 | call to local function g |
+| CSharp7.cs:184:23:184:25 | access to local variable src : String | CSharp7.cs:184:21:184:26 | call to local function h |
+nodes
+| CSharp7.cs:41:9:41:21 | SSA def(x) : String | semmle.label | SSA def(x) : String |
+| CSharp7.cs:41:13:41:21 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:51:22:51:23 | SSA def(t1) : String | semmle.label | SSA def(t1) : String |
+| CSharp7.cs:53:18:53:19 | access to local variable t1 | semmle.label | access to local variable t1 |
+| CSharp7.cs:57:11:57:19 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:57:30:57:31 | SSA def(t4) : String | semmle.label | SSA def(t4) : String |
+| CSharp7.cs:58:18:58:19 | access to local variable t4 | semmle.label | access to local variable t4 |
+| CSharp7.cs:89:18:89:34 | (..., ...) [Item1] : String | semmle.label | (..., ...) [Item1] : String |
+| CSharp7.cs:89:19:89:27 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:92:18:92:28 | call to method I | semmle.label | call to method I |
+| CSharp7.cs:92:20:92:21 | access to local variable t1 [Item1] : String | semmle.label | access to local variable t1 [Item1] : String |
+| CSharp7.cs:92:20:92:27 | access to field Item1 : String | semmle.label | access to field Item1 : String |
+| CSharp7.cs:177:22:177:30 | "tainted" | semmle.label | "tainted" |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | semmle.label | "tainted" : String |
+| CSharp7.cs:182:21:182:26 | call to local function f | semmle.label | call to local function f |
+| CSharp7.cs:182:23:182:25 | access to local variable src : String | semmle.label | access to local variable src : String |
+| CSharp7.cs:183:21:183:26 | call to local function g | semmle.label | call to local function g |
+| CSharp7.cs:183:23:183:25 | access to local variable src : String | semmle.label | access to local variable src : String |
+| CSharp7.cs:184:21:184:26 | call to local function h | semmle.label | call to local function h |
+| CSharp7.cs:184:23:184:25 | access to local variable src : String | semmle.label | access to local variable src : String |
+#select
+| CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:41:13:41:21 | "tainted" : String | CSharp7.cs:53:18:53:19 | access to local variable t1 | $@ | CSharp7.cs:53:18:53:19 | access to local variable t1 | access to local variable t1 |
+| CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:57:11:57:19 | "tainted" : String | CSharp7.cs:58:18:58:19 | access to local variable t4 | $@ | CSharp7.cs:58:18:58:19 | access to local variable t4 | access to local variable t4 |
+| CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:89:19:89:27 | "tainted" : String | CSharp7.cs:92:18:92:28 | call to method I | $@ | CSharp7.cs:92:18:92:28 | call to method I | call to method I |
+| CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | CSharp7.cs:177:22:177:30 | "tainted" | $@ | CSharp7.cs:177:22:177:30 | "tainted" | "tainted" |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:182:21:182:26 | call to local function f | $@ | CSharp7.cs:182:21:182:26 | call to local function f | call to local function f |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:183:21:183:26 | call to local function g | $@ | CSharp7.cs:183:21:183:26 | call to local function g | call to local function g |
+| CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:177:22:177:30 | "tainted" : String | CSharp7.cs:184:21:184:26 | call to local function h | $@ | CSharp7.cs:184:21:184:26 | call to local function h | call to local function h |
diff --git a/csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.ql b/csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.ql
@@ -1,4 +1,9 @@
+/**
+ * @kind path-problem
+ */
+
 import csharp
+import DataFlow::PathGraph
 
 class DataflowConfiguration extends TaintTracking::Configuration {
   DataflowConfiguration() { this = "taint tracking configuration" }
@@ -12,6 +17,6 @@ class DataflowConfiguration extends TaintTracking::Configuration {
   }
 }
 
-from DataflowConfiguration config, DataFlow::Node source, DataFlow::Node sink
-where config.hasFlow(source, sink)
-select source, sink
+from DataFlow::PathNode source, DataFlow::PathNode sink, DataflowConfiguration conf
+where conf.hasFlowPath(source, sink)
+select source, source, sink, "$@", sink, sink.toString()
diff --git a/csharp/ql/test/library-tests/dataflow/tuples/Tuples.ql b/csharp/ql/test/library-tests/dataflow/tuples/Tuples.ql
@@ -6,7 +6,7 @@ import csharp
 import DataFlow::PathGraph
 
 class Conf extends DataFlow::Configuration {
-  Conf() { this = "TypesConf" }
+  Conf() { this = "TuplesConf" }
 
   override predicate isSource(DataFlow::Node src) {
     src.asExpr().(StringLiteral).getValue() = "taint source"
