Skip to content

Commit 48b90b2

Browse files
egregius313egregius313
committed
Component parameter passing step
1 parent 795a2e1 commit 48b90b2

File tree

1 file changed

+49
-0
lines changed
  • csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore

1 file changed

+49
-0
lines changed

csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -112,6 +112,16 @@ class MicrosoftAspNetCoreComponentsComponent extends Class {
112112
}
113113
}
114114

115+
/**
116+
* The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` method.
117+
*/
118+
private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends Method {
119+
MicrosoftAspNetCoreComponentsAddComponentParameterMethod() {
120+
this.hasFullyQualifiedName("Microsoft.AspNetCore.Components.Rendering", "RenderTreeBuilder",
121+
"AddComponentParameter")
122+
}
123+
}
124+
115125
private module Sources {
116126
private import semmle.code.csharp.security.dataflow.flowsources.Remote
117127

@@ -133,3 +143,42 @@ private module Sources {
133143
override string getSourceType() { result = "ASP.NET Core component route parameter" }
134144
}
135145
}
146+
147+
private module JumpNodes {
148+
/**
149+
* A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which
150+
* sets the value of a parameter.
151+
*/
152+
private class ParameterPassingCall extends Call {
153+
ParameterPassingCall() {
154+
this.getTarget() instanceof MicrosoftAspNetCoreComponentsAddComponentParameterMethod
155+
}
156+
157+
/**
158+
* Gets the property whose value is being set.
159+
*/
160+
Property getParameterProperty() {
161+
result.getAnAttribute() instanceof MicrosoftAspNetCoreComponentsParameterAttribute and
162+
exists(NameOfExpr ne | ne = this.getArgument(1) |
163+
result.getAnAccess() = ne.getAccess().(MemberAccess)
164+
)
165+
}
166+
167+
/**
168+
* Gets the value being set.
169+
*/
170+
Expr getParameterValue() { result = this.getArgument(2) }
171+
}
172+
173+
private class ComponentParameterJump extends DataFlow::NonLocalJumpNode {
174+
ParameterPassingCall call;
175+
176+
ComponentParameterJump() { this.asExpr() = call.getParameterValue() }
177+
178+
override DataFlow::Node getAJumpSuccessor(boolean preservesValue) {
179+
preservesValue = false and
180+
result.asExpr() = call.getParameterProperty().getAnAccess()
181+
}
182+
}
183+
}
184+

0 commit comments

Comments
 (0)