Merge pull request github#15542 from tamasvajk/feature/relative-line-pragma

C#: Try resolve relative paths in line mappings

Author: tamasvajk

csharp/extractor/Semmle.Extraction.CSharp/Entities/NonGeneratedSourceLocation.cs

@@ -1,5 +1,7 @@
+using System;
 using System.IO;
 using Microsoft.CodeAnalysis;
+using Semmle.Util.Logging;
 
 namespace Semmle.Extraction.CSharp.Entities
 {
@@ -25,7 +27,8 @@ public override void Populate(TextWriter trapFile)
             var mapped = Symbol.GetMappedLineSpan();
             if (mapped.HasMappedPath && mapped.IsValid)
             {
-                var mappedLoc = Create(Context, Location.Create(mapped.Path, default, mapped.Span));
+                var path = TryAdjustRelativeMappedFilePath(mapped.Path, Position.Path, Context.Extractor.Logger);
+                var mappedLoc = Create(Context, Location.Create(path, default, mapped.Span));
 
                 trapFile.locations_mapped(this, mappedLoc);
             }
@@ -61,5 +64,25 @@ private class SourceLocationFactory : CachedEntityFactory<Location, NonGenerated
 
             public override NonGeneratedSourceLocation Create(Context cx, Location init) => new NonGeneratedSourceLocation(cx, init);
         }
+
+        public static string TryAdjustRelativeMappedFilePath(string mappedToPath, string mappedFromPath, ILogger logger)
+        {
+            if (!Path.IsPathRooted(mappedToPath))
+            {
+                try
+                {
+                    var fullPath = Path.GetFullPath(Path.Combine(Path.GetDirectoryName(mappedFromPath)!, mappedToPath));
+                    logger.LogDebug($"Found relative path in line mapping: '{mappedToPath}', interpreting it as '{fullPath}'");
+
+                    mappedToPath = fullPath;
+                }
+                catch (Exception e)
+                {
+                    logger.LogDebug($"Failed to compute absolute path for relative path in line mapping: '{mappedToPath}': {e}");
+                }
+            }
+
+            return mappedToPath;
+        }
     }
 }

csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/LineOrSpanDirective.cs

@@ -25,9 +25,11 @@ protected override void PopulatePreprocessor(TextWriter trapFile)
         {
             trapFile.directive_lines(this, kind);
 
-            if (!string.IsNullOrWhiteSpace(Symbol.File.ValueText))
+            var path = Symbol.File.ValueText;
+            if (!string.IsNullOrWhiteSpace(path))
             {
-                var file = File.Create(Context, Symbol.File.ValueText);
+                path = NonGeneratedSourceLocation.TryAdjustRelativeMappedFilePath(path, Symbol.SyntaxTree.FilePath, Context.Extractor.Logger);
+                var file = File.Create(Context, path);
                 trapFile.directive_line_file(this, file);
             }
         }

csharp/extractor/Semmle.Extraction.CSharp/Entities/PreprocessorDirectives/PragmaChecksumDirective.cs

@@ -12,7 +12,8 @@ private PragmaChecksumDirective(Context cx, PragmaChecksumDirectiveTriviaSyntax
 
         protected override void PopulatePreprocessor(TextWriter trapFile)
         {
-            var file = File.Create(Context, Symbol.File.ValueText);
+            var path = NonGeneratedSourceLocation.TryAdjustRelativeMappedFilePath(Symbol.File.ValueText, Symbol.SyntaxTree.FilePath, Context.Extractor.Logger);
+            var file = File.Create(Context, path);
             trapFile.pragma_checksums(this, file, Symbol.Guid.ToString(), Symbol.Bytes.ToString());
         }
 

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/Areas_TestArea_Views_Shared_Test18.cshtml.g.cs

@@ -24,7 +24,7 @@ public class Areas_TestArea_Views_Shared_Test18 : global::Microsoft.AspNetCore.M
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "Areas/TestArea/Views/Shared/Test18.cshtml"
+#line 6 "../Areas/TestArea/Views/Shared/Test18.cshtml"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ public class Areas_TestArea_Views_Shared_Test18 : global::Microsoft.AspNetCore.M
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "Areas/TestArea/Views/Shared/Test18.cshtml"
+#line 8 "../Areas/TestArea/Views/Shared/Test18.cshtml"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "Areas/TestArea/Views/Shared/Test18.cshtml"
+#line 9 "../Areas/TestArea/Views/Shared/Test18.cshtml"
 }
 
 #line default

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/Areas_TestArea_Views_Test4_Test17.cshtml.g.cs

@@ -24,7 +24,7 @@ public class Areas_TestArea_Views_Test4_Test17 : global::Microsoft.AspNetCore.Mv
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "Areas/TestArea/Views/Test4/Test17.cshtml"
+#line 6 "../Areas/TestArea/Views/Test4/Test17.cshtml"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ public class Areas_TestArea_Views_Test4_Test17 : global::Microsoft.AspNetCore.Mv
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "Areas/TestArea/Views/Test4/Test17.cshtml"
+#line 8 "../Areas/TestArea/Views/Test4/Test17.cshtml"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "Areas/TestArea/Views/Test4/Test17.cshtml"
+#line 9 "../Areas/TestArea/Views/Test4/Test17.cshtml"
 }
 
 #line default

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/MyAreas_Test4_Test22.cshtml.g.cs

@@ -24,7 +24,7 @@ public class MyAreas_Test4_Test22 : global::Microsoft.AspNetCore.Mvc.Razor.Razor
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "MyAreas/Test4/Test22.cshtml"
+#line 6 "../MyAreas/Test4/Test22.cshtml"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ public class MyAreas_Test4_Test22 : global::Microsoft.AspNetCore.Mvc.Razor.Razor
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "MyAreas/Test4/Test22.cshtml"
+#line 8 "../MyAreas/Test4/Test22.cshtml"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "MyAreas/Test4/Test22.cshtml"
+#line 9 "../MyAreas/Test4/Test22.cshtml"
 }
 
 #line default

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/Pages_Shared_Test21.cshtml.g.cs

@@ -24,7 +24,7 @@ public class Pages_Shared_Test21 : global::Microsoft.AspNetCore.Mvc.Razor.RazorP
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "Pages/Shared/Test21.cshtml"
+#line 6 "../Pages/Shared/Test21.cshtml"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ public class Pages_Shared_Test21 : global::Microsoft.AspNetCore.Mvc.Razor.RazorP
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "Pages/Shared/Test21.cshtml"
+#line 8 "../Pages/Shared/Test21.cshtml"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "Pages/Shared/Test21.cshtml"
+#line 9 "../Pages/Shared/Test21.cshtml"
 }
 
 #line default

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/Template.g

@@ -24,7 +24,7 @@ using test;
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "$PATHSLASH"
+#line 6 "../$PATHSLASH"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ using test;
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "$PATHSLASH"
+#line 8 "../$PATHSLASH"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "$PATHSLASH"
+#line 9 "../$PATHSLASH"
 }
 
 #line default

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/Views_Custom2_Test16.cshtml.g.cs

@@ -24,7 +24,7 @@ public class Views_Custom2_Test16 : global::Microsoft.AspNetCore.Mvc.Razor.Razor
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "Views/Custom2/Test16.cshtml"
+#line 6 "../Views/Custom2/Test16.cshtml"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ public class Views_Custom2_Test16 : global::Microsoft.AspNetCore.Mvc.Razor.Razor
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "Views/Custom2/Test16.cshtml"
+#line 8 "../Views/Custom2/Test16.cshtml"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "Views/Custom2/Test16.cshtml"
+#line 9 "../Views/Custom2/Test16.cshtml"
 }
 
 #line default

csharp/ql/test/query-tests/Security Features/CWE-079/XSSRazorPages/Generated/Views_Custom_Test3_Test15.cshtml.g.cs

@@ -24,7 +24,7 @@ public class Views_Custom_Test3_Test15 : global::Microsoft.AspNetCore.Mvc.Razor.
         #pragma warning disable 1998
         public async override global::System.Threading.Tasks.Task ExecuteAsync()
         {
-#line 6 "Views/Custom/Test3/Test15.cshtml"
+#line 6 "../Views/Custom/Test3/Test15.cshtml"
  if (Model != null)
 {
 
@@ -33,15 +33,15 @@ public class Views_Custom_Test3_Test15 : global::Microsoft.AspNetCore.Mvc.Razor.
 #nullable disable
             WriteLiteral("    <h3>Hello \"");
 #nullable restore
-#line 8 "Views/Custom/Test3/Test15.cshtml"
+#line 8 "../Views/Custom/Test3/Test15.cshtml"
 Write(Html.Raw(Model.Name));
 
 #line default
 #line hidden
 #nullable disable
             WriteLiteral("\"</h3>\n");
 #nullable restore
-#line 9 "Views/Custom/Test3/Test15.cshtml"
+#line 9 "../Views/Custom/Test3/Test15.cshtml"
 }
 
 #line default