Skip to content

Commit ba9cb5e

Browse files
Denis Levincalumgrant
Denis Levin
authored and
calumgrant
committed
cs: Adding sources and sinks for ASPNET.Core
Inintial query checkin. Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them. The packages.config should include this: <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" /> <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" /> <package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" /> <package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" /> <package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" /> <package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" /> <package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" /> <package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" /> <package id="Microsoft.NETCore.App" version="2.0.0" /> <package id="Microsoft.AspNetCore.Mvc" version="2.1.0" /> <package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" /> <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" /> <package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" /> <package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" /> <package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
1 parent b130335 commit ba9cb5e

File tree

18 files changed

+862
-1
lines changed

18 files changed

+862
-1
lines changed

csharp/ql/src/semmle/code/csharp/dataflow/flowsources/Remote.qll

Lines changed: 46 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -11,6 +11,9 @@ private import semmle.code.csharp.frameworks.system.web.Services
1111
private import semmle.code.csharp.frameworks.system.web.ui.WebControls
1212
private import semmle.code.csharp.frameworks.WCF
1313
private import semmle.code.csharp.frameworks.microsoft.Owin
14+
private import microsoft.code.csharp.frameworks.microsoft.Primitives
15+
private import microsoft.code.csharp.frameworks.microsoft.AspNetCore
16+
1417

1518
/** A data flow source of remote user input. */
1619
abstract class RemoteFlowSource extends DataFlow::Node {
@@ -187,3 +190,46 @@ class ActionMethodParameter extends RemoteFlowSource, DataFlow::ParameterNode {
187190
override
188191
string getSourceType() { result = "ASP.NET MVC action method parameter" }
189192
}
193+
194+
/** A data flow source of remote user input (ASP.NET Core). */
195+
abstract class AspNetCoreRemoteFlowSource extends RemoteFlowSource { }
196+
197+
198+
/** A data flow source of remote user input (ASP.NET query collection). */
199+
class AspNetCoreQueryRemoteFlowSource extends AspNetCoreRemoteFlowSource, DataFlow::ExprNode {
200+
AspNetCoreQueryRemoteFlowSource() {
201+
exists(ValueOrRefType t, Call c, Access ac |
202+
t instanceof MicrosoftAspNetCoreHttpHttpRequest or
203+
t instanceof MicrosoftAspNetCoreHttpQueryCollection or
204+
t instanceof MicrosoftAspNetCoreHttpQueryString |
205+
this.getExpr() = c and
206+
c.getTarget().getDeclaringType() = t
207+
or
208+
this.asExpr() = ac and
209+
ac.getTarget().getDeclaringType() = t
210+
or
211+
c.getTarget().getDeclaringType().hasQualifiedName("Microsoft.AspNetCore.Http", "IQueryCollection") and
212+
c.getTarget().getName() = "TryGetValue" and
213+
this.asExpr() = c.getArgumentForName("value")
214+
)
215+
}
216+
217+
override
218+
string getSourceType() { result = "ASP.NET Core query string" }
219+
}
220+
221+
/**
222+
* A parameter to an Mvc controller action method, viewed as a source of remote user input.
223+
*/
224+
class AspNetCoreActionMethodParameter extends RemoteFlowSource, DataFlow::ParameterNode {
225+
AspNetCoreActionMethodParameter() {
226+
exists(Parameter p |
227+
p = this.getParameter() and
228+
p.fromSource() |
229+
p = any(MicrosoftAspNetCoreMvcController c).getAnActionMethod().getAParameter()
230+
)
231+
}
232+
233+
override
234+
string getSourceType() { result = "ASP.NET Core MVC action method parameter" }
235+
}

0 commit comments

Comments
 (0)