get rid of getParent

edvraa · edvraa · commit b6952d541ae3 · 2021-04-21T16:55:34.000+03:00
diff --git a/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql b/csharp/ql/src/Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
@@ -24,18 +24,20 @@ where
   (
     exists(
       DataFlow::Node weakTypeCreation, DataFlow::Node weakTypeUsage,
-      WeakTypeCreationToUsageTrackingConfig weakTypeDeserializerTracking
+      WeakTypeCreationToUsageTrackingConfig weakTypeDeserializerTracking, MethodCall mc
     |
       weakTypeDeserializerTracking.hasFlow(weakTypeCreation, weakTypeUsage) and
-      weakTypeUsage.asExpr().getParent() = deserializeCallArg.getNode().asExpr().getParent()
+      mc.getQualifier() = weakTypeUsage.asExpr() and
+      mc.getAnArgument() = deserializeCallArg.getNode().asExpr()
     )
     or
     exists(
       TaintToObjectTypeTrackingConfig userControlledTypeTracking, DataFlow::Node taintedTypeUsage,
-      DataFlow::Node userInput2
+      DataFlow::Node userInput2, MethodCall mc
     |
       userControlledTypeTracking.hasFlow(userInput2, taintedTypeUsage) and
-      taintedTypeUsage.asExpr().getParent() = deserializeCallArg.getNode().asExpr().getParent()
+      mc.getQualifier() = taintedTypeUsage.asExpr() and
+      mc.getAnArgument() = deserializeCallArg.getNode().asExpr()
     )
   ) and
   // exclude deserialization flows with safe instances (i.e. JavaScriptSerializer without resolver)

Original file line number	Diff line number	Diff line change
`@@ -24,18 +24,20 @@ where`
`24`	`24`	`(`
`25`	`25`	`exists(`
`26`	`26`	`DataFlow::Node weakTypeCreation, DataFlow::Node weakTypeUsage,`
`27`		`- WeakTypeCreationToUsageTrackingConfig weakTypeDeserializerTracking`
	`27`	`+ WeakTypeCreationToUsageTrackingConfig weakTypeDeserializerTracking, MethodCall mc`
`28`	`28`	`\|`
`29`	`29`	`weakTypeDeserializerTracking.hasFlow(weakTypeCreation, weakTypeUsage) and`
`30`		`- weakTypeUsage.asExpr().getParent() = deserializeCallArg.getNode().asExpr().getParent()`
	`30`	`+ mc.getQualifier() = weakTypeUsage.asExpr() and`
	`31`	`+ mc.getAnArgument() = deserializeCallArg.getNode().asExpr()`
`31`	`32`	`)`
`32`	`33`	`or`
`33`	`34`	`exists(`
`34`	`35`	`TaintToObjectTypeTrackingConfig userControlledTypeTracking, DataFlow::Node taintedTypeUsage,`
`35`		`- DataFlow::Node userInput2`
	`36`	`+ DataFlow::Node userInput2, MethodCall mc`
`36`	`37`	`\|`
`37`	`38`	`userControlledTypeTracking.hasFlow(userInput2, taintedTypeUsage) and`
`38`		`- taintedTypeUsage.asExpr().getParent() = deserializeCallArg.getNode().asExpr().getParent()`
	`39`	`+ mc.getQualifier() = taintedTypeUsage.asExpr() and`
	`40`	`+ mc.getAnArgument() = deserializeCallArg.getNode().asExpr()`
`39`	`41`	`)`
`40`	`42`	`) and`
`41`	`43`	`// exclude deserialization flows with safe instances (i.e. JavaScriptSerializer without resolver)`