Skip to content

Commit 86ceeeb

Browse files
egregius313egregius313
committed
Change handling of LocalSource in queries
1. Change `LocalSource` to extend `DataFlow::Node`, thus removed from the definiton of `Source` 2. Add a private class `AddLocalSource` which extends `Source`. This allows us to currently preserve the inclusion of local sources, while making it easier to remove it in the future.
1 parent 3563c7e commit 86ceeeb

File tree

3 files changed

+9
-3
lines changed

3 files changed

+9
-3
lines changed

csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -66,7 +66,9 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
6666
*
6767
* A source of local user input.
6868
*/
69-
deprecated class LocalSource extends Source instanceof LocalFlowSource { }
69+
deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
70+
71+
private class AddLocalSource extends Source instanceof LocalFlowSource { }
7072

7173
/** A source supported by the current threat model. */
7274
class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }

csharp/ql/lib/semmle/code/csharp/security/dataflow/ResourceInjectionQuery.qll

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -65,7 +65,9 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
6565
*
6666
* A source of local user input.
6767
*/
68-
deprecated class LocalSource extends Source instanceof LocalFlowSource { }
68+
deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
69+
70+
private class AddLocalSource extends Source instanceof LocalFlowSource { }
6971

7072
/** A source supported by the current threat model. */
7173
class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }

csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -76,7 +76,9 @@ deprecated class RemoteSource extends DataFlow::Node instanceof RemoteFlowSource
7676
*
7777
* A source of local user input.
7878
*/
79-
deprecated class LocalSource extends Source instanceof LocalFlowSource { }
79+
deprecated class LocalSource extends DataFlow::Node instanceof LocalFlowSource { }
80+
81+
private class AddLocalSource extends Source instanceof LocalFlowSource { }
8082

8183
/** A source supported by the current threat model. */
8284
class ThreatModelSource extends Source instanceof ThreatModelFlowSource { }

0 commit comments

Comments
 (0)