Skip to content

Commit cf4b04a

Browse files
calumgrantcalumgrant
committed
C#: Address review comments - adding .getNode() where appropriate.
1 parent e908b09 commit cf4b04a

File tree

6 files changed

+36
-20
lines changed

6 files changed

+36
-20
lines changed

csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -33,6 +33,6 @@ class AddCertToRootStoreConfig extends DataFlow::Configuration {
3333

3434
from DataFlow::PathNode oc, DataFlow::PathNode mc, AddCertToRootStoreConfig config
3535
where config.hasFlowPath(oc, mc)
36-
select mc, oc, mc,
36+
select mc.getNode(), oc, mc,
3737
"Certificate added to the root certificate store."
3838

csharp/ql/src/Security Features/CWE-359/ExposureOfPrivateInformation.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -16,4 +16,4 @@ import semmle.code.csharp.dataflow.DataFlow::DataFlow::PathGraph
1616
from TaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
1717
where c.hasFlowPath(source, sink)
1818
select sink.getNode(), source, sink,
19-
"Private data returned by $@ is written to an external location.", source.getNode(), source.toString()
19+
"Private data returned by $@ is written to an external location.", source.getNode(), source.getNode().toString()

csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -19,4 +19,4 @@ from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
1919
where config.hasFlowPath(source, sink)
2020
select sink.getNode().(Sink).getSensitiveMethodCall(), source, sink,
2121
"Sensitive method may not be executed depending on $@, which flows from $@.",
22-
sink, "this condition", source, "user input"
22+
sink.getNode(), "this condition", source.getNode(), "user input"

csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -156,5 +156,5 @@ module EncodingConfigurations {
156156

157157
from RequiresEncodingConfiguration c, PathNode encodedValue, PathNode sink, string kind
158158
where c.hasWrongEncoding(encodedValue, sink, kind)
159-
select sink, encodedValue, sink,
160-
"This " + kind + " may include data from a $@.", encodedValue, "possibly inappropriately encoded value"
159+
select sink.getNode(), encodedValue, sink,
160+
"This " + kind + " may include data from a $@.", encodedValue.getNode(), "possibly inappropriately encoded value"

csharp/ql/src/Security Features/InsecureRandomness.ql

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -107,4 +107,4 @@ module Random {
107107
from Random::TaintTrackingConfiguration randomTracking, DataFlow::PathNode source, DataFlow::PathNode sink
108108
where randomTracking.hasFlowPath(source, sink)
109109
select sink.getNode(), source, sink,
110-
"Cryptographically insecure random number is generated at $@ and used here in a security context.", source.getNode(), source.toString()
110+
"Cryptographically insecure random number is generated at $@ and used here in a security context.", source.getNode(), source.getNode().toString()

csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected

Lines changed: 30 additions & 14 deletions
Original file line numberDiff line numberDiff line change
@@ -1,14 +1,30 @@
1-
| UrlRedirect.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:14:31:14:53 | access to property QueryString | user-provided value |
2-
| UrlRedirect.cs:39:44:39:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:44:39:66 | access to property QueryString | user-provided value |
3-
| UrlRedirect.cs:40:47:40:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:40:47:40:69 | access to property QueryString | user-provided value |
4-
| UrlRedirect.cs:49:29:49:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:24:22:24:44 | access to property QueryString | user-provided value |
5-
| UrlRedirectCore.cs:18:22:18:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
6-
| UrlRedirectCore.cs:21:44:21:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
7-
| UrlRedirectCore.cs:27:46:27:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
8-
| UrlRedirectCore.cs:33:66:33:70 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
9-
| UrlRedirectCore.cs:36:49:36:53 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
10-
| UrlRedirectCore.cs:39:69:39:73 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
11-
| UrlRedirectCore.cs:42:39:42:53 | ... + ... | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
12-
| UrlRedirectCore.cs:50:28:50:32 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:47:51:47:55 | value | user-provided value |
13-
| UrlRedirectCore.cs:55:32:55:45 | object creation of type Uri | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:47:51:47:55 | value | user-provided value |
14-
| UrlRedirectCore.cs:58:31:58:35 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:47:51:47:55 | value | user-provided value |
1+
edges
2+
| UrlRedirect.cs:14:31:14:53 | access to property QueryString | UrlRedirect.cs:14:31:14:61 | access to indexer |
3+
| UrlRedirect.cs:24:22:24:44 | access to property QueryString | UrlRedirect.cs:49:29:49:31 | access to local variable url |
4+
| UrlRedirect.cs:39:44:39:66 | access to property QueryString | UrlRedirect.cs:39:44:39:74 | access to indexer |
5+
| UrlRedirect.cs:40:47:40:69 | access to property QueryString | UrlRedirect.cs:40:47:40:77 | access to indexer |
6+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:18:22:18:26 | access to parameter value |
7+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:21:44:21:48 | call to operator implicit conversion |
8+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:27:46:27:50 | call to operator implicit conversion |
9+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:33:66:33:70 | access to parameter value |
10+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:36:49:36:53 | call to operator implicit conversion |
11+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:39:69:39:73 | access to parameter value |
12+
| UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:42:39:42:53 | ... + ... |
13+
| UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:50:28:50:32 | access to parameter value |
14+
| UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:55:32:55:45 | object creation of type Uri |
15+
| UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:58:31:58:35 | access to parameter value |
16+
#select
17+
| UrlRedirect.cs:14:31:14:61 | access to indexer | UrlRedirect.cs:14:31:14:53 | access to property QueryString | UrlRedirect.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:14:31:14:53 | access to property QueryString | user-provided value |
18+
| UrlRedirect.cs:39:44:39:74 | access to indexer | UrlRedirect.cs:39:44:39:66 | access to property QueryString | UrlRedirect.cs:39:44:39:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:44:39:66 | access to property QueryString | user-provided value |
19+
| UrlRedirect.cs:40:47:40:77 | access to indexer | UrlRedirect.cs:40:47:40:69 | access to property QueryString | UrlRedirect.cs:40:47:40:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:40:47:40:69 | access to property QueryString | user-provided value |
20+
| UrlRedirect.cs:49:29:49:31 | access to local variable url | UrlRedirect.cs:24:22:24:44 | access to property QueryString | UrlRedirect.cs:49:29:49:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:24:22:24:44 | access to property QueryString | user-provided value |
21+
| UrlRedirectCore.cs:18:22:18:26 | access to parameter value | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:18:22:18:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
22+
| UrlRedirectCore.cs:21:44:21:48 | call to operator implicit conversion | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:21:44:21:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
23+
| UrlRedirectCore.cs:27:46:27:50 | call to operator implicit conversion | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:27:46:27:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
24+
| UrlRedirectCore.cs:33:66:33:70 | access to parameter value | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:33:66:33:70 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
25+
| UrlRedirectCore.cs:36:49:36:53 | call to operator implicit conversion | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:36:49:36:53 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
26+
| UrlRedirectCore.cs:39:69:39:73 | access to parameter value | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:39:69:39:73 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
27+
| UrlRedirectCore.cs:42:39:42:53 | ... + ... | UrlRedirectCore.cs:15:44:15:48 | value | UrlRedirectCore.cs:42:39:42:53 | ... + ... | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:15:44:15:48 | value | user-provided value |
28+
| UrlRedirectCore.cs:50:28:50:32 | access to parameter value | UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:50:28:50:32 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:47:51:47:55 | value | user-provided value |
29+
| UrlRedirectCore.cs:55:32:55:45 | object creation of type Uri | UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:55:32:55:45 | object creation of type Uri | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:47:51:47:55 | value | user-provided value |
30+
| UrlRedirectCore.cs:58:31:58:35 | access to parameter value | UrlRedirectCore.cs:47:51:47:55 | value | UrlRedirectCore.cs:58:31:58:35 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:47:51:47:55 | value | user-provided value |

0 commit comments

Comments
 (0)