Merge pull request #16356 from michaelnebel/csharp/aligntelemetryimpl…
…ementation

C#: Base telemetry Api Source/Sink nodes on abstract classes.
michaelnebel authored May 7, 2024
2 parents 5c74beb + 757cf8d commit cfb0a86
Showing 27 changed files with 132 additions and 186 deletions.
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.codedom.Compiler
private import semmle.code.csharp.security.Sanitizers
Expand All @@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for user input treated as code vulnerabilities.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for user input treated as code vulnerabilities.
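Review bot: The QLDoc on `Sink` still reads only `A data flow sink for user input treated as code vulnerabilities.`, but with the base changed to `ApiSinkExprNode` every concrete subclass, including any added by a downstream customization, also becomes a member of that shared abstract class. I would add one line to the comment, for example `* Extending this class also adds the node to 'ApiSinkExprNode'.`, so that whoever extends `Sink` knows the node is picked up by whatever is computed from the API-sink class (presumably the telemetry named in the commit title). The same applies to the other `Sink` declarations rebased in this commit (LDAP queries, log entries, SQL injection, path expressions, URL redirect, XPath, zip extraction and the rest). The declaration of `ApiSinkExprNode` is not on this page, so it is worth confirming that it still restricts to `DataFlow::ExprNode`, which was the old base.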
Expand Up @@ -6,6 +6,7 @@
import csharp
private import semmle.code.csharp.controlflow.Guards
private import semmle.code.csharp.controlflow.BasicBlocks
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.System
private import semmle.code.csharp.frameworks.system.Net
Expand All @@ -14,12 +15,12 @@ private import semmle.code.csharp.security.SensitiveActions
/**
* A data flow source for user-controlled bypass of sensitive method.
*/
abstract class Source extends DataFlow::Node { }
abstract class Source extends ApiSourceNode { }

/**
* A data flow sink for user-controlled bypass of sensitive method.
*/
abstract class Sink extends DataFlow::ExprNode {
abstract class Sink extends ApiSinkExprNode {
/** Gets the 'MethodCall' which is considered sensitive. */
abstract MethodCall getSensitiveMethodCall();
}
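Review bot: `Source` is rebased onto `ApiSourceNode` only in this file; the `Source` classes visible in the other hunk headers of this commit still extend `DataFlow::Node` or `DataFlow::ExprNode`. The other libraries may reach the API-source class indirectly (the XML section shows `ThreatModelSource extends Source instanceof ThreatModelFlowSource`), but nothing here says why this library is different. A QLDoc line on `Source` would settle it, for example `* Unlike the other query libraries, sources of this query extend 'ApiSourceNode' directly because <reason>.`, with the placeholder filled in by the author. Since the old base was the unrestricted `DataFlow::Node` and the declaration of `ApiSourceNode` is not on this page, please also confirm that the new base does not narrow the set of nodes a subclass may cover.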
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
private import semmle.code.csharp.security.PrivateData
Expand All @@ -15,7 +16,7 @@ abstract class Source extends DataFlow::ExprNode { }
/**
* A data flow sink for private information flowing unencrypted to an external location.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for private information flowing unencrypted to an external location.
Expand Up @@ -9,6 +9,7 @@ private import semmle.code.csharp.frameworks.Moq
private import semmle.code.csharp.frameworks.system.web.Security
private import semmle.code.csharp.frameworks.system.security.cryptography.X509Certificates
private import semmle.code.csharp.frameworks.Test
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks

/**
* A data flow source for hard coded credentials.
Expand All @@ -18,7 +19,7 @@ abstract class Source extends DataFlow::ExprNode { }
/**
* A data flow sink for hard coded credentials.
*/
abstract class Sink extends DataFlow::ExprNode {
abstract class Sink extends ApiSinkExprNode {
/**
* Gets a description of this sink, including a placeholder for the sink and a placeholder for
* the supplementary element.
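Review bot: Before this `Sink` is rebased onto `ApiSinkExprNode`, it is worth confirming that every concrete subclass in this file is tied to a specific API. The subclasses are outside the hunk, so this is a question rather than a finding: a sink selected by a name heuristic or by a comparison, rather than by a call into a library, would now be a member of the API-sink class and could skew whatever is computed from it. If all sinks of this query are meant to count, say so in the QLDoc, for example `* All sinks of this query are treated as API sinks.` The class body continues past the end of the hunk.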
Expand Up @@ -4,6 +4,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.DirectoryServices
private import semmle.code.csharp.frameworks.system.directoryservices.Protocols
Expand All @@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for unvalidated user input that is used to construct LDAP queries.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for unvalidated user input that is used to construct LDAP queries.
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.System
private import semmle.code.csharp.frameworks.system.text.RegularExpressions
Expand All @@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for untrusted user input used in log entries.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for untrusted user input used in log entries.
Expand Up @@ -4,6 +4,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.Xml
private import semmle.code.csharp.security.Sanitizers
Expand All @@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
* A data flow sink for untrusted user input processed as XML without validation against a known
* schema.
*/
abstract class Sink extends DataFlow::ExprNode {
abstract class Sink extends ApiSinkExprNode {
/** Gets a string describing the reason why this is a sink. */
abstract string getReason();
}
Expand Up @@ -5,6 +5,7 @@

import csharp
private import semmle.code.csharp.dataflow.DataFlow2
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.text.RegularExpressions
private import semmle.code.csharp.security.Sanitizers
Expand All @@ -17,7 +18,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for untrusted user input used in dangerous regular expression operations.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for untrusted user input used in dangerous regular expression operations.
Expand Up @@ -4,6 +4,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.text.RegularExpressions
private import semmle.code.csharp.security.Sanitizers
Expand All @@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for untrusted user input used to construct regular expressions.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for untrusted user input used to construct regular expressions.
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.Data
private import semmle.code.csharp.security.Sanitizers
Expand All @@ -15,7 +16,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for untrusted user input used in resource descriptors.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for untrusted user input used in resource descriptors.
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.Sql
private import semmle.code.csharp.security.Sanitizers
Expand All @@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A sink for SQL injection vulnerabilities.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for SQL injection vulnerabilities.
Expand Up @@ -5,6 +5,7 @@

import csharp
private import semmle.code.csharp.controlflow.Guards
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.IO
private import semmle.code.csharp.frameworks.system.Web
Expand All @@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for uncontrolled data in path expression vulnerabilities.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for uncontrolled data in path expression vulnerabilities.
Expand Up @@ -6,6 +6,7 @@
import csharp
private import semmle.code.csharp.serialization.Deserializers
private import semmle.code.csharp.dataflow.TaintTracking2
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources

/**
Expand All @@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for unsafe deserialization vulnerabilities.
*/
abstract class Sink extends DataFlow::Node { }
abstract class Sink extends ApiSinkNode { }

/**
* A data flow sink for unsafe deserialization vulnerabilities to an instance method.
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.controlflow.Guards
private import semmle.code.csharp.frameworks.Format
Expand All @@ -20,7 +21,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for unvalidated URL redirect vulnerabilities.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for unvalidated URL redirect vulnerabilities.
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.System
private import semmle.code.csharp.frameworks.system.text.RegularExpressions
Expand All @@ -19,7 +20,7 @@ private class ThreatModelSource extends Source instanceof ThreatModelFlowSource
/**
* A data flow sink for untrusted user input used in XML processing.
*/
abstract class Sink extends DataFlow::ExprNode {
abstract class Sink extends ApiSinkExprNode {
/**
* Gets the reason for the insecurity of this sink.
*/
Expand Up @@ -3,6 +3,7 @@
*/

import csharp
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
private import semmle.code.csharp.frameworks.system.xml.XPath
private import semmle.code.csharp.frameworks.system.Xml
Expand All @@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for untrusted user input used in XPath expression.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for untrusted user input used in XPath expression.
Expand Up @@ -4,6 +4,7 @@

import csharp
private import semmle.code.csharp.controlflow.Guards
private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks

/**
* A data flow source for unsafe zip extraction.
Expand All @@ -13,7 +14,7 @@ abstract class Source extends DataFlow::Node { }
/**
* A data flow sink for unsafe zip extraction.
*/
abstract class Sink extends DataFlow::ExprNode { }
abstract class Sink extends ApiSinkExprNode { }

/**
* A sanitizer for unsafe zip extraction.

This file was deleted.
