@@ -122,6 +122,38 @@ private class MicrosoftAspNetCoreComponentsAddComponentParameterMethod extends M
122122 }
123123}
124124
125+ /**
126+ * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::OpenComponent<TComponent>` method.
127+ */
128+ private class MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod extends Method {
129+ MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod ( ) {
130+ this .hasFullyQualifiedName ( "Microsoft.AspNetCore.Components.Rendering" , "RenderTreeBuilder" ,
131+ "OpenComponent`1" ) and
132+ this .getNumberOfParameters ( ) = 1
133+ }
134+ }
135+
136+ /**
137+ * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::OpenComponent` method.
138+ */
139+ private class MicrosoftAspNetCoreComponentsOpenComponentMethod extends Method {
140+ MicrosoftAspNetCoreComponentsOpenComponentMethod ( ) {
141+ this .hasFullyQualifiedName ( "Microsoft.AspNetCore.Components.Rendering" , "RenderTreeBuilder" ,
142+ "OpenComponent" ) and
143+ this .getNumberOfParameters ( ) = 2
144+ }
145+ }
146+
147+ /**
148+ * The `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::CloseComponent` method.
149+ */
150+ private class MicrosoftAspNetCoreComponentsCloseComponentMethod extends Method {
151+ MicrosoftAspNetCoreComponentsCloseComponentMethod ( ) {
152+ this .hasFullyQualifiedName ( "Microsoft.AspNetCore.Components.Rendering" , "RenderTreeBuilder" ,
153+ "CloseComponent" )
154+ }
155+ }
156+
125157private module Sources {
126158 private import semmle.code.csharp.security.dataflow.flowsources.Remote
127159
@@ -144,6 +176,38 @@ private module Sources {
144176 }
145177}
146178
179+ /**
180+ * Holds for matching `RenderTreeBuilder.OpenComponent` and `RenderTreeBuilder.CloseComponent` calls with index `openCallIndex` and `closeCallIndex` respectively
181+ * within the `enclosing` enclosing callabale. The `componentType` is the type of the component that is being opened and closed.
182+ */
183+ private predicate matchingOpenCloseComponentCalls (
184+ MethodCall openCall , int openCallIndex , MethodCall closeCall , int closeCallIndex ,
185+ Callable enclosing , Type componentType
186+ ) {
187+ (
188+ openCall .getTarget ( ) .getUnboundDeclaration ( ) instanceof
189+ MicrosoftAspNetCoreComponentsOpenComponentTComponentMethod and
190+ openCall .getTarget ( ) .( ConstructedGeneric ) .getTypeArgument ( 0 ) = componentType
191+ or
192+ openCall .getTarget ( ) instanceof MicrosoftAspNetCoreComponentsOpenComponentMethod and
193+ openCall .getArgument ( 1 ) .( TypeofExpr ) .getTypeAccess ( ) .getTarget ( ) = componentType
194+ ) and
195+ openCall .getEnclosingCallable ( ) = enclosing and
196+ closeCall .getTarget ( ) instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and
197+ closeCall .getEnclosingCallable ( ) = enclosing and
198+ closeCall .getParent ( ) .getParent ( ) = openCall .getParent ( ) .getParent ( ) and
199+ openCall .getParent ( ) .getIndex ( ) = openCallIndex and
200+ closeCall .getParent ( ) .getIndex ( ) = closeCallIndex and
201+ closeCallIndex > openCallIndex and
202+ not exists ( int k , MethodCall otherCloseCall |
203+ k in [ openCallIndex + 1 .. closeCallIndex - 1 ] and
204+ otherCloseCall .getTarget ( ) instanceof MicrosoftAspNetCoreComponentsCloseComponentMethod and
205+ otherCloseCall .getEnclosingCallable ( ) = enclosing and
206+ otherCloseCall .getParent ( ) .getParent ( ) = openCall .getParent ( ) .getParent ( ) and
207+ otherCloseCall .getParent ( ) .getIndex ( ) = k
208+ )
209+ }
210+
147211private module JumpNodes {
148212 /**
149213 * A call to `Microsoft.AspNetCore.Components.Rendering.RenderTreeBuilder::AddComponentParameter` which
@@ -162,8 +226,15 @@ private module JumpNodes {
162226 (
163227 exists ( NameOfExpr ne | ne = this .getArgument ( 1 ) | result .getAnAccess ( ) = ne .getAccess ( ) )
164228 or
165- exists ( string propertyName | propertyName = this .getArgument ( 1 ) .( StringLiteral ) .getValue ( ) |
166- result .hasName ( propertyName )
229+ exists (
230+ string propertyName , MethodCall openComponent , int i , MethodCall closeComponent , int j
231+ |
232+ propertyName = this .getArgument ( 1 ) .( StringLiteral ) .getValue ( ) and
233+ result .hasName ( propertyName ) and
234+ matchingOpenCloseComponentCalls ( openComponent , i , closeComponent , j ,
235+ this .getEnclosingCallable ( ) , result .getDeclaringType ( ) ) and
236+ this .getParent ( ) .getParent ( ) = openComponent .getParent ( ) .getParent ( ) and
237+ this .getParent ( ) .getIndex ( ) in [ i + 1 .. j - 1 ]
167238 )
168239 )
169240 }
0 commit comments