From 1d81c77fcdc01e30f86bc8dd5209ae88a6b9ad17 Mon Sep 17 00:00:00 2001 From: Ian Roof Date: Thu, 26 Sep 2024 16:56:41 -0400 Subject: [PATCH 1/7] C#: Enhanced LogForgingQuery to treat C# Enums as simple types. --- .../code/csharp/security/Sanitizers.qll | 3 +- .../2024-09-18-csharp-log-forging-enum.md | 4 ++ .../CWE-117/LogForgingSimpleTypes.cs | 46 +++++++++++++++++++ 3 files changed, 52 insertions(+), 1 deletion(-) create mode 100644 csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md create mode 100644 csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index 2a456b14c684..c356014432a2 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,7 +57,8 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct + t instanceof SystemDateTimeStruct or + t instanceof Enum ) } } diff --git a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md new file mode 100644 index 000000000000..5c0dc208ac82 --- /dev/null +++ b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md @@ -0,0 +1,4 @@ +--- +category: fix +--- +* Enhanced LogForgingQuery to treat C# Enums as simple types. \ No newline at end of file diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs new file mode 100644 index 000000000000..32c746abc0c5 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs @@ -0,0 +1,46 @@ +using System; +using System.Diagnostics; +using System.IO; +using System.Net; +using System.Web; +using Microsoft.Extensions.Logging; + +class ILogger +{ + public void Warn(string message) { } +} + +enum TestEnum +{ + TestEnumValue +} + +public class LogForgingSimpleTypes +{ + public void Execute(HttpContext ctx) + { + // GOOD: int + logger.Warn("Logging simple type (int):" 1); + + // GOOD: long + logger.Warn("Logging simple type (int):" 1L); + + // GOOD: float + logger.Warn("Logging simple type (float):" 1.1); + + // GOOD: double + logger.Warn("Logging simple type (double):" 1.1d); + + // GOOD: decimal + logger.Warn("Logging simple type (double):" 1.1m); + + // GOOD: Enum + logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue); + + // GOOD: DateTime + logger.Warn("Logging simple type (int):" new DateTime()); + + // GOOD: DateTimeOffset + logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow); + } +} From 024712c073a8351965faea00175a8e0d9345711e Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 09:48:32 +0200 Subject: [PATCH 2/7] C#: Temporarily comment out considering Enums as having a sanitizing effect. --- csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index c356014432a2..08874cb533e9 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,8 +57,8 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct or - t instanceof Enum + t instanceof SystemDateTimeStruct + // or t instanceof Enum ) } } From 60e3b4351a41890b65395684c575a98f1adabcd8 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 10:16:52 +0200 Subject: [PATCH 3/7] C#: Fix simple types testcases. --- .../CWE-117/LogForgingAsp.cs | 54 +++++++++++++++++++ .../CWE-117/LogForgingSimpleTypes.cs | 46 ---------------- 2 files changed, 54 insertions(+), 46 deletions(-) delete mode 100644 csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index a3293344b33f..1bbef682496b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -3,6 +3,11 @@ using Microsoft.AspNetCore.Http.Headers; using Microsoft.AspNetCore.Mvc; +public enum TestEnum +{ + TestEnumValue +} + public class AspController : ControllerBase { public void Action1(string username) @@ -38,4 +43,53 @@ public void Action2(bool? b) logger.Warn($"Warning about the bool: {b}"); } } + + public void ActionInt(int i) + { + var logger = new ILogger(); + // GOOD: int is a sanitizer. + logger.Warn($"Warning about the int: {i}"); + } + + public void ActionLong(long l) + { + var logger = new ILogger(); + // GOOD: long is a sanitizer. + logger.Warn($"Warning about the long: {l}"); + } + + public void ActionFloat(float f) + { + var logger = new ILogger(); + // GOOD: float is a sanitizer. + logger.Warn($"Warning about the float: {f}"); + } + + public void ActionDouble(double d) + { + var logger = new ILogger(); + // GOOD: double is a sanitizer. + logger.Warn($"Warning about the double: {d}"); + } + + public void ActionDecimal(decimal d) + { + var logger = new ILogger(); + // GOOD: decimal is a sanitizer. + logger.Warn($"Warning about the decimal: {d}"); + } + + public void ActionEnum(TestEnum e) + { + var logger = new ILogger(); + // GOOD: Enum is a sanitizer. [FALSE POSITIVE] + logger.Warn($"Warning about the enum: {e}"); + } + + public void ActionDateTime(DateTimeOffset dt) + { + var logger = new ILogger(); + // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE] + logger.Warn($"Warning about the DateTimeOffset: {dt}"); + } } diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs deleted file mode 100644 index 32c746abc0c5..000000000000 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingSimpleTypes.cs +++ /dev/null @@ -1,46 +0,0 @@ -using System; -using System.Diagnostics; -using System.IO; -using System.Net; -using System.Web; -using Microsoft.Extensions.Logging; - -class ILogger -{ - public void Warn(string message) { } -} - -enum TestEnum -{ - TestEnumValue -} - -public class LogForgingSimpleTypes -{ - public void Execute(HttpContext ctx) - { - // GOOD: int - logger.Warn("Logging simple type (int):" 1); - - // GOOD: long - logger.Warn("Logging simple type (int):" 1L); - - // GOOD: float - logger.Warn("Logging simple type (float):" 1.1); - - // GOOD: double - logger.Warn("Logging simple type (double):" 1.1d); - - // GOOD: decimal - logger.Warn("Logging simple type (double):" 1.1m); - - // GOOD: Enum - logger.Warn("Logging simple type (Enum):" TestEnum.TestEnumVAlue); - - // GOOD: DateTime - logger.Warn("Logging simple type (int):" new DateTime()); - - // GOOD: DateTimeOffset - logger.Warn("Logging simple type (int):" DateTimeOffset.UtcNow); - } -} From 08159896f385d2e24eb422c69b49bde911822d79 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 10:33:08 +0200 Subject: [PATCH 4/7] C#: Convert cs/log-forging tests to inline expectations. --- .../Security Features/CWE-117/LogForging.cs | 8 +++---- .../CWE-117/LogForging.expected | 21 +++++++++++++++---- .../CWE-117/LogForging.qlref | 4 +++- .../CWE-117/LogForgingAsp.cs | 6 +++--- 4 files changed, 27 insertions(+), 12 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs index 691d98f986e0..18169e4a4b0b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.cs @@ -15,10 +15,10 @@ public class LogForgingHandler : IHttpHandler public void ProcessRequest(HttpContext ctx) { - String username = ctx.Request.QueryString["username"]; + String username = ctx.Request.QueryString["username"]; // $ Source ILogger logger = new ILogger(); // BAD: Logged as-is - logger.Warn(username + " logged in"); + logger.Warn(username + " logged in"); // $ Alert // GOOD: New-lines removed logger.Warn(username.Replace(Environment.NewLine, "") + " logged in"); // GOOD: New-lines removed @@ -28,11 +28,11 @@ public void ProcessRequest(HttpContext ctx) // GOOD: Html encoded logger.Warn(WebUtility.HtmlEncode(username) + " logged in"); // BAD: Logged as-is to TraceSource - new TraceSource("Test").TraceInformation(username + " logged in"); + new TraceSource("Test").TraceInformation(username + " logged in"); // $ Alert Microsoft.Extensions.Logging.ILogger logger2 = null; // BAD: Logged as-is - logger2.LogError(username); + logger2.LogError(username); // $ Alert } public bool IsReusable diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index f817ebd27b03..d7177aaf0de9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -2,7 +2,9 @@ | LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:31:50:31:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:50:31:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:35:26:35:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:35:26:35:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value | +| LogForgingAsp.cs:17:21:17:43 | ... + ... | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:13:32:13:39 | username | user-provided value | +| LogForgingAsp.cs:86:21:86:50 | $"..." | LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:82:37:82:37 | e | user-provided value | +| LogForgingAsp.cs:93:21:93:61 | $"..." | LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:89:47:89:48 | dt | user-provided value | edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:31:50:31:72 | ... + ... | provenance | | @@ -10,7 +12,9 @@ edges | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | -| LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | | +| LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | provenance | | +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | provenance | | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | provenance | | models | 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes @@ -20,6 +24,15 @@ nodes | LogForging.cs:21:21:21:43 | ... + ... | semmle.label | ... + ... | | LogForging.cs:31:50:31:72 | ... + ... | semmle.label | ... + ... | | LogForging.cs:35:26:35:33 | access to local variable username | semmle.label | access to local variable username | -| LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String | -| LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... | +| LogForgingAsp.cs:13:32:13:39 | username : String | semmle.label | username : String | +| LogForgingAsp.cs:17:21:17:43 | ... + ... | semmle.label | ... + ... | +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | semmle.label | e : TestEnum | +| LogForgingAsp.cs:86:21:86:50 | $"..." | semmle.label | $"..." | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | semmle.label | dt : DateTimeOffset | +| LogForgingAsp.cs:93:21:93:61 | $"..." | semmle.label | $"..." | subpaths +testFailures +| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | Unexpected result: Source | +| LogForgingAsp.cs:86:21:86:50 | $"..." | Unexpected result: Alert | +| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | Unexpected result: Source | +| LogForgingAsp.cs:93:21:93:61 | $"..." | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref index a41529bfeb1c..7396362dcbf1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref @@ -1,2 +1,4 @@ query: Security Features/CWE-117/LogForging.ql -postprocess: utils/test/PrettyPrintModels.ql +postprocess: + - utils/test/PrettyPrintModels.ql + - utils/test/InlineExpectationsTestQuery.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index 1bbef682496b..b65b42ce9691 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -10,11 +10,11 @@ public enum TestEnum public class AspController : ControllerBase { - public void Action1(string username) + public void Action1(string username) // $ Source { var logger = new ILogger(); // BAD: Logged as-is - logger.Warn(username + " logged in"); + logger.Warn(username + " logged in"); // $ Alert } public void Action1(DateTime date) @@ -89,7 +89,7 @@ public void ActionEnum(TestEnum e) public void ActionDateTime(DateTimeOffset dt) { var logger = new ILogger(); - // GOOD: DateTimeOffset is a sanitizer. [FALSEPOSITIVE] + // GOOD: DateTimeOffset is a sanitizer. [FALSE POSITIVE] logger.Warn($"Warning about the DateTimeOffset: {dt}"); } } From cf75493fe9b6f9ea21882f2c124af8a28637527b Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 11:16:06 +0200 Subject: [PATCH 5/7] C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. --- csharp/ql/lib/semmle/code/csharp/frameworks/System.qll | 5 +++++ csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index 56e063b1b5e0..678563589e8a 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -756,6 +756,11 @@ class SystemDateTimeStruct extends SystemStruct { SystemDateTimeStruct() { this.hasName("DateTime") } } +/** The `System.DateTimeOffset` struct. */ +class SystemDateTimeOffsetStruct extends SystemStruct { + SystemDateTimeOffsetStruct() { this.hasName("DateTimeOffset") } +} + /** The `System.Span` struct. */ class SystemSpanStruct extends SystemUnboundGenericStruct { SystemSpanStruct() { diff --git a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll index 08874cb533e9..db4b3c6da18d 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/Sanitizers.qll @@ -57,8 +57,9 @@ class SimpleTypeSanitizedExpr extends DataFlow::ExprNode { SimpleTypeSanitizedExpr() { exists(Type t | t = this.getType() or t = this.getType().(NullableType).getUnderlyingType() | t instanceof SimpleType or - t instanceof SystemDateTimeStruct - // or t instanceof Enum + t instanceof SystemDateTimeStruct or + t instanceof SystemDateTimeOffsetStruct or + t instanceof Enum ) } } From d7f5ce249297b16dd9d7ffb9e3972116f6c0f12d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 11:19:37 +0200 Subject: [PATCH 6/7] C#: Update log forging expected test output. --- .../Security Features/CWE-117/LogForging.expected | 13 ------------- .../Security Features/CWE-117/LogForgingAsp.cs | 4 ++-- 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index d7177aaf0de9..1820eaa07d96 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected @@ -3,8 +3,6 @@ | LogForging.cs:31:50:31:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:31:50:31:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForging.cs:35:26:35:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:35:26:35:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value | | LogForgingAsp.cs:17:21:17:43 | ... + ... | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:13:32:13:39 | username | user-provided value | -| LogForgingAsp.cs:86:21:86:50 | $"..." | LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:82:37:82:37 | e | user-provided value | -| LogForgingAsp.cs:93:21:93:61 | $"..." | LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | This log entry depends on a $@. | LogForgingAsp.cs:89:47:89:48 | dt | user-provided value | edges | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | | | LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:31:50:31:72 | ... + ... | provenance | | @@ -13,8 +11,6 @@ edges | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 | | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForgingAsp.cs:13:32:13:39 | username : String | LogForgingAsp.cs:17:21:17:43 | ... + ... | provenance | | -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | LogForgingAsp.cs:86:21:86:50 | $"..." | provenance | | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | LogForgingAsp.cs:93:21:93:61 | $"..." | provenance | | models | 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes @@ -26,13 +22,4 @@ nodes | LogForging.cs:35:26:35:33 | access to local variable username | semmle.label | access to local variable username | | LogForgingAsp.cs:13:32:13:39 | username : String | semmle.label | username : String | | LogForgingAsp.cs:17:21:17:43 | ... + ... | semmle.label | ... + ... | -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | semmle.label | e : TestEnum | -| LogForgingAsp.cs:86:21:86:50 | $"..." | semmle.label | $"..." | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | semmle.label | dt : DateTimeOffset | -| LogForgingAsp.cs:93:21:93:61 | $"..." | semmle.label | $"..." | subpaths -testFailures -| LogForgingAsp.cs:82:37:82:37 | e : TestEnum | Unexpected result: Source | -| LogForgingAsp.cs:86:21:86:50 | $"..." | Unexpected result: Alert | -| LogForgingAsp.cs:89:47:89:48 | dt : DateTimeOffset | Unexpected result: Source | -| LogForgingAsp.cs:93:21:93:61 | $"..." | Unexpected result: Alert | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs index b65b42ce9691..64f0e34e569b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForgingAsp.cs @@ -82,14 +82,14 @@ public void ActionDecimal(decimal d) public void ActionEnum(TestEnum e) { var logger = new ILogger(); - // GOOD: Enum is a sanitizer. [FALSE POSITIVE] + // GOOD: Enum is a sanitizer. logger.Warn($"Warning about the enum: {e}"); } public void ActionDateTime(DateTimeOffset dt) { var logger = new ILogger(); - // GOOD: DateTimeOffset is a sanitizer. [FALSE POSITIVE] + // GOOD: DateTimeOffset is a sanitizer. logger.Warn($"Warning about the DateTimeOffset: {dt}"); } } From 22c943657aae161afbbe79fa5fbb96306bac4c55 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 2 Apr 2025 09:38:15 +0200 Subject: [PATCH 7/7] C#: Update change note. --- .../ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md | 4 ---- csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) delete mode 100644 csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md create mode 100644 csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md diff --git a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md b/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md deleted file mode 100644 index 5c0dc208ac82..000000000000 --- a/csharp/ql/src/change-notes/2024-09-18-csharp-log-forging-enum.md +++ /dev/null @@ -1,4 +0,0 @@ ---- -category: fix ---- -* Enhanced LogForgingQuery to treat C# Enums as simple types. \ No newline at end of file diff --git a/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md new file mode 100644 index 000000000000..ac93bd31b3e9 --- /dev/null +++ b/csharp/ql/src/change-notes/2025-04-02-simple-type-enum.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Enums and `System.DateTimeOffset` are now treated as *simple* types, which means that they are considered to have a sanitizing effect. This impacts many queries, among others the `cs/log-forging` query.