Merge pull request github#12732 from michaelnebel/csharp/refactorunittests

C#: Re-factor data flow unit tests to use the new API.

Author: michaelnebel

csharp/ql/test/TestUtilities/InlineFlowTest.qll

@@ -4,12 +4,13 @@
  * Example for a test.ql:
  * ```ql
  * import csharp
- * import DataFlow::PathGraph
+ * import DefaultValueFlow::PathGraph
  * import TestUtilities.InlineFlowTest
  *
- * from DataFlow::PathNode source, DataFlow::PathNode sink, DefaultValueFlowConf conf
- * where conf.hasFlowPath(source, sink)
+ * from DefaultValueFlow::PathNode source, DefaultValueFlow::PathNode sink
+ * where DefaultValueFlow::flowPath(source, sink)
  * select sink, source, sink, "$@", source, source.toString()
+ *
  * ```
  *
  * To declare expecations, you can use the $hasTaintFlow or $hasValueFlow comments within the test source files.
@@ -56,25 +57,17 @@ private predicate defaultSink(DataFlow::Node sink) {
   )
 }
 
-class DefaultValueFlowConf extends DataFlow::Configuration {
-  DefaultValueFlowConf() { this = "qltest:defaultValueFlowConf" }
-
-  override predicate isSource(DataFlow::Node n) { defaultSource(n) }
+module DefaultFlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node n) { defaultSource(n) }
 
-  override predicate isSink(DataFlow::Node n) { defaultSink(n) }
+  predicate isSink(DataFlow::Node n) { defaultSink(n) }
 
-  override int fieldFlowBranchLimit() { result = 1000 }
+  int fieldFlowBranchLimit() { result = 1000 }
 }
 
-class DefaultTaintFlowConf extends TaintTracking::Configuration {
-  DefaultTaintFlowConf() { this = "qltest:defaultTaintFlowConf" }
+module DefaultValueFlow = DataFlow::Global<DefaultFlowConfig>;
 
-  override predicate isSource(DataFlow::Node n) { defaultSource(n) }
-
-  override predicate isSink(DataFlow::Node n) { defaultSink(n) }
-
-  override int fieldFlowBranchLimit() { result = 1000 }
-}
+module DefaultTaintFlow = TaintTracking::Global<DefaultFlowConfig>;
 
 private string getSourceArgString(DataFlow::Node src) {
   defaultSource(src) and
@@ -88,23 +81,19 @@ class InlineFlowTest extends InlineExpectationsTest {
 
   override predicate hasActualResult(Location location, string element, string tag, string value) {
     tag = "hasValueFlow" and
-    exists(DataFlow::Node src, DataFlow::Node sink | getValueFlowConfig().hasFlow(src, sink) |
+    exists(DataFlow::Node src, DataFlow::Node sink | DefaultValueFlow::flow(src, sink) |
       sink.getLocation() = location and
       element = sink.toString() and
       if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
     )
     or
     tag = "hasTaintFlow" and
     exists(DataFlow::Node src, DataFlow::Node sink |
-      getTaintFlowConfig().hasFlow(src, sink) and not getValueFlowConfig().hasFlow(src, sink)
+      DefaultTaintFlow::flow(src, sink) and not DefaultValueFlow::flow(src, sink)
     |
       sink.getLocation() = location and
       element = sink.toString() and
       if exists(getSourceArgString(src)) then value = getSourceArgString(src) else value = ""
     )
   }
-
-  DataFlow::Configuration getValueFlowConfig() { result = any(DefaultValueFlowConf config) }
-
-  DataFlow::Configuration getTaintFlowConfig() { result = any(DefaultTaintFlowConf config) }
 }

csharp/ql/test/library-tests/cil/dataflow/TaintTracking.ql

@@ -6,16 +6,16 @@ import semmle.code.csharp.dataflow.TaintTracking3
 import semmle.code.csharp.dataflow.TaintTracking4
 import semmle.code.csharp.dataflow.TaintTracking5
 
-class FlowConfig extends TaintTracking::Configuration {
-  FlowConfig() { this = "FlowConfig" }
+module FlowConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source.asExpr() instanceof Literal }
 
-  override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof Literal }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(LocalVariable decl | sink.asExpr() = decl.getInitializer())
   }
 }
 
-from FlowConfig config, DataFlow::Node source, DataFlow::Node sink
-where config.hasFlow(source, sink)
+module Flow = TaintTracking::Global<FlowConfig>;
+
+from DataFlow::Node source, DataFlow::Node sink
+where Flow::flow(source, sink)
 select source, sink

csharp/ql/test/library-tests/csharp7/GlobalTaintTracking.ql

@@ -3,20 +3,18 @@
  */
 
 import csharp
-import DataFlow::PathGraph
+import Taint::PathGraph
 
-class DataflowConfiguration extends TaintTracking::Configuration {
-  DataflowConfiguration() { this = "taint tracking configuration" }
+module TaintConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source.asExpr().(Expr).getValue() = "tainted" }
 
-  override predicate isSource(DataFlow::Node source) {
-    source.asExpr().(Expr).getValue() = "tainted"
-  }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(LocalVariable v | sink.asExpr() = v.getInitializer())
   }
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, DataflowConfiguration conf
-where conf.hasFlowPath(source, sink)
+module Taint = TaintTracking::Global<TaintConfig>;
+
+from Taint::PathNode source, Taint::PathNode sink
+where Taint::flowPath(source, sink)
 select source, source, sink, "$@", sink, sink.toString()

csharp/ql/test/library-tests/dataflow/async/Async.ql

@@ -1,5 +1,5 @@
 import csharp
-import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
+import Taint::PathGraph
 
 class MySink extends DataFlow::ExprNode {
   MySink() {
@@ -19,15 +19,15 @@ class MySource extends DataFlow::ParameterNode {
   }
 }
 
-class MyConfig extends TaintTracking::Configuration {
-  MyConfig() { this = "MyConfig" }
+module TaintConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof MySource }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof MySource }
-
-  override predicate isSink(DataFlow::Node sink) { sink instanceof MySink }
+  predicate isSink(DataFlow::Node sink) { sink instanceof MySink }
 }
 
-from MyConfig c, DataFlow::PathNode source, DataFlow::PathNode sink
-where c.hasFlowPath(source, sink)
+module Taint = TaintTracking::Global<TaintConfig>;
+
+from Taint::PathNode source, Taint::PathNode sink
+where Taint::flowPath(source, sink)
 select sink.getNode(), source, sink, "$@ flows to here and is used.", source.getNode(),
   "User-provided value"

csharp/ql/test/library-tests/dataflow/callablereturnsarg/Common.qll

@@ -10,34 +10,38 @@ private predicate outRefDef(DataFlow::ExprNode ne, int outRef) {
   )
 }
 
-class Configuration extends DataFlow::Configuration {
-  Configuration() { this = "Configuration" }
+module Config implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode }
 
-  override predicate isSource(DataFlow::Node source) { source instanceof DataFlow::ParameterNode }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     any(Callable c).canReturn(sink.asExpr()) or outRefDef(sink, _)
   }
 
-  override predicate isBarrier(DataFlow::Node node) {
+  predicate isBarrier(DataFlow::Node node) {
     exists(AbstractValues::NullValue nv | node.(GuardedDataFlowNode).mustHaveValue(nv) |
       nv.isNull()
     )
   }
 }
 
-predicate flowOutFromParameter(DataFlow::Configuration c, Parameter p) {
-  exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
-    p.getCallable().canReturn(ne.getExpr()) and
-    np.getParameter() = p and
-    c.hasFlow(np, ne)
-  )
-}
+module FlowOut<DataFlow::GlobalFlowSig Input> {
+  predicate flowOutFromParameter(Parameter p) {
+    exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
+      p.getCallable().canReturn(ne.getExpr()) and
+      np.getParameter() = p and
+      Input::flow(np, ne)
+    )
+  }
 
-predicate flowOutFromParameterOutOrRef(DataFlow::Configuration c, Parameter p, int outRef) {
-  exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
-    outRefDef(ne, outRef) and
-    np.getParameter() = p and
-    c.hasFlow(np, ne)
-  )
+  predicate flowOutFromParameterOutOrRef(Parameter p, int outRef) {
+    exists(DataFlow::ExprNode ne, DataFlow::ParameterNode np |
+      outRefDef(ne, outRef) and
+      np.getParameter() = p and
+      Input::flow(np, ne)
+    )
+  }
 }
+
+module Data = FlowOut<DataFlow::Global<Config>>;
+
+module Taint = FlowOut<TaintTracking::Global<Config>>;

csharp/ql/test/library-tests/dataflow/callablereturnsarg/DataFlow.ql

@@ -1,9 +1,9 @@
 import csharp
 import Common
 
-from Configuration c, Parameter p, int outRefArg
+from Parameter p, int outRefArg
 where
-  flowOutFromParameter(c, p) and outRefArg = -1
+  Data::flowOutFromParameter(p) and outRefArg = -1
   or
-  flowOutFromParameterOutOrRef(c, p, outRefArg)
+  Data::flowOutFromParameterOutOrRef(p, outRefArg)
 select p.getCallable(), p.getPosition(), outRefArg

csharp/ql/test/library-tests/dataflow/callablereturnsarg/TaintTracking.ql

@@ -1,21 +1,9 @@
 import csharp
 import Common
 
-class TaintTrackingConfiguration extends TaintTracking::Configuration {
-  Configuration c;
-
-  TaintTrackingConfiguration() { this = "Taint " + c }
-
-  override predicate isSource(DataFlow::Node source) { c.isSource(source) }
-
-  override predicate isSink(DataFlow::Node sink) { c.isSink(sink) }
-
-  override predicate isSanitizer(DataFlow::Node node) { c.isBarrier(node) }
-}
-
-from TaintTrackingConfiguration c, Parameter p, int outRefArg
+from Parameter p, int outRefArg
 where
-  flowOutFromParameter(c, p) and outRefArg = -1
+  Taint::flowOutFromParameter(p) and outRefArg = -1
   or
-  flowOutFromParameterOutOrRef(c, p, outRefArg)
+  Taint::flowOutFromParameterOutOrRef(p, outRefArg)
 select p.getCallable(), p.getPosition(), outRefArg

csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected

@@ -1,3 +1,4 @@
+invalidModelRow
 edges
 | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object |
 | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes |
@@ -162,7 +163,6 @@ nodes
 | ExternalFlow.cs:206:18:206:40 | call to method MixedFlowArgs | semmle.label | call to method MixedFlowArgs |
 | ExternalFlow.cs:206:38:206:39 | access to local variable o2 : Object | semmle.label | access to local variable o2 : Object |
 subpaths
-invalidModelRow
 #select
 | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | $@ | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | object creation of type Object : Object |
 | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | $@ | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | object creation of type Object : Object |

csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql

@@ -3,23 +3,23 @@
  */
 
 import csharp
-import DataFlow::PathGraph
 import semmle.code.csharp.dataflow.ExternalFlow
+import Taint::PathGraph
 import ModelValidation
 
-class Conf extends TaintTracking::Configuration {
-  Conf() { this = "ExternalFlow" }
+module TaintConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
 
-  override predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }
-
-  override predicate isSink(DataFlow::Node sink) {
+  predicate isSink(DataFlow::Node sink) {
     exists(MethodCall mc |
       mc.getTarget().hasName("Sink") and
       mc.getAnArgument() = sink.asExpr()
     )
   }
 }
 
+module Taint = TaintTracking::Global<TaintConfig>;
+
 /**
  * Simulate that methods with summaries are not included in the source code.
  * This is relevant for dataflow analysis using summaries tagged as generated.
@@ -28,6 +28,6 @@ private class MyMethod extends Method {
   override predicate fromSource() { none() }
 }
 
-from DataFlow::PathNode source, DataFlow::PathNode sink, Conf conf
-where conf.hasFlowPath(source, sink)
+from Taint::PathNode source, Taint::PathNode sink
+where Taint::flowPath(source, sink)
 select sink, source, sink, "$@", source, source.toString()