Skip to content

Commit f5b247d

Browse files
paldepindpaldepind
committed
Merge branch 'main' into rust-ref-pattern
2 parents 7476aea + 9054f16 commit f5b247d

File tree

48 files changed

+1047
-577
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

48 files changed

+1047
-577
lines changed

MODULE.bazel

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -243,7 +243,7 @@ use_repo(
243243
)
244244

245245
go_sdk = use_extension("@rules_go//go:extensions.bzl", "go_sdk")
246-
go_sdk.download(version = "1.23.1")
246+
go_sdk.download(version = "1.24.0")
247247

248248
go_deps = use_extension("@gazelle//:extensions.bzl", "go_deps")
249249
go_deps.from_file(go_mod = "//go/extractor:go.mod")

csharp/ql/lib/change-notes/2025-02-05-update-system.net.http.httprequestmessage-and-system.uribuilder-models.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.

csharp/ql/lib/ext/System.Net.Http.model.yml

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,8 @@ extensions:
1010
data:
1111
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
1212
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
13+
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
14+
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
1315
- ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
1416
- ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
1517
- ["System.Net.Http", "MultipartContent", False, "Add", "(System.Net.Http.HttpContent)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]

csharp/ql/lib/ext/System.model.yml

Lines changed: 18 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -784,6 +784,24 @@ extensions:
784784
- ["System", "Uri", False, "get_OriginalString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
785785
- ["System", "Uri", False, "get_PathAndQuery", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
786786
- ["System", "Uri", False, "get_Query", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
787+
- ["System", "UriBuilder", False, "ToString", "()", "", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.UserName,System.UriBuilder.Password,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "ReturnValue", "taint", "manual"]
788+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
789+
- ["System", "UriBuilder", False, "UriBuilder", "(System.Uri)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
790+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
791+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
792+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
793+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
794+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
795+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
796+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
797+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
798+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[3]", "Argument[this].Property[System.UriBuilder.Path]", "taint", "manual"]
799+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
800+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
801+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
802+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[3]", "Argument[this].Property[System.UriBuilder.Path]", "taint", "manual"]
803+
- ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[4]", "Argument[this].Property[System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
804+
- ["System", "UriBuilder", False, "get_Uri", "()", "", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.UserName,System.UriBuilder.Password,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "ReturnValue", "taint", "manual"]
787805
- ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[0]", "ReturnValue.Field[System.ValueTuple`8.Item1]", "value", "manual"]
788806
- ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[1]", "ReturnValue.Field[System.ValueTuple`8.Item2]", "value", "manual"]
789807
- ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[2]", "ReturnValue.Field[System.ValueTuple`8.Item3]", "value", "manual"]

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

Lines changed: 45 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -14702,8 +14702,8 @@ summary
1470214702
| System.Net.Http;HttpRequestException;HttpRequestException;(System.String,System.Exception,System.Nullable<System.Net.HttpStatusCode>);Argument[2];Argument[this].Property[System.Net.Http.HttpRequestException.StatusCode];value;dfc-generated |
1470314703
| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[0];Argument[this];taint;manual |
1470414704
| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[1];Argument[this];taint;manual |
14705-
| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];value;dfc-generated |
14706-
| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];value;dfc-generated |
14705+
| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this];taint;manual |
14706+
| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this];taint;manual |
1470714707
| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];ReturnValue;taint;dfc-generated |
1470814708
| System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];ReturnValue;taint;dfc-generated |
1470914709
| System.Net.Http;HttpRequestMessage;get_Properties;();Argument[this].Property[System.Net.Http.HttpRequestMessage.Options];ReturnValue;value;dfc-generated |
@@ -23494,13 +23494,49 @@ summary
2349423494
| System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual |
2349523495
| System;Uri;get_Scheme;();Argument[this];ReturnValue;taint;df-generated |
2349623496
| System;Uri;get_UserInfo;();Argument[this];ReturnValue;taint;df-generated |
23497-
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].SyntheticField[System.UriBuilder._uri];taint;dfc-generated |
23498-
| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[0];Argument[this];taint;df-generated |
23499-
| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[1];Argument[this];taint;df-generated |
23500-
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[3];Argument[this];taint;df-generated |
23501-
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[4];Argument[this];taint;df-generated |
23502-
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].SyntheticField[System.UriBuilder._uri];value;dfc-generated |
23503-
| System;UriBuilder;get_Uri;();Argument[this].SyntheticField[System.UriBuilder._uri];ReturnValue;value;dfc-generated |
23497+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Fragment];ReturnValue;taint;manual |
23498+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Host];ReturnValue;taint;manual |
23499+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Password];ReturnValue;taint;manual |
23500+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Path];ReturnValue;taint;manual |
23501+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Port];ReturnValue;taint;manual |
23502+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Query];ReturnValue;taint;manual |
23503+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Scheme];ReturnValue;taint;manual |
23504+
| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.UserName];ReturnValue;taint;manual |
23505+
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Fragment];taint;manual |
23506+
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Host];taint;manual |
23507+
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Path];taint;manual |
23508+
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Port];taint;manual |
23509+
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Query];taint;manual |
23510+
| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
23511+
| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
23512+
| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
23513+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
23514+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
23515+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);Argument[2];Argument[this].Property[System.UriBuilder.Port];taint;manual |
23516+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
23517+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
23518+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[2];Argument[this].Property[System.UriBuilder.Port];taint;manual |
23519+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[3];Argument[this].Property[System.UriBuilder.Path];taint;manual |
23520+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
23521+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
23522+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[2];Argument[this].Property[System.UriBuilder.Port];taint;manual |
23523+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[3];Argument[this].Property[System.UriBuilder.Path];taint;manual |
23524+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[4];Argument[this].Property[System.UriBuilder.Fragment];taint;manual |
23525+
| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[4];Argument[this].Property[System.UriBuilder.Query];taint;manual |
23526+
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Fragment];taint;manual |
23527+
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Host];taint;manual |
23528+
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Path];taint;manual |
23529+
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Port];taint;manual |
23530+
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Query];taint;manual |
23531+
| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
23532+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Fragment];ReturnValue;taint;manual |
23533+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Host];ReturnValue;taint;manual |
23534+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Password];ReturnValue;taint;manual |
23535+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Path];ReturnValue;taint;manual |
23536+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Port];ReturnValue;taint;manual |
23537+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Query];ReturnValue;taint;manual |
23538+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Scheme];ReturnValue;taint;manual |
23539+
| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.UserName];ReturnValue;taint;manual |
2350423540
| System;UriFormatException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated |
2350523541
| System;UriParser;GetComponents;(System.Uri,System.UriComponents,System.UriFormat);Argument[0];ReturnValue;taint;df-generated |
2350623542
| System;UriParser;OnNewUri;();Argument[this];ReturnValue;value;dfc-generated |

0 commit comments

Comments
 (0)