1-
21private import csharp
32private import semmle.code.csharp.frameworks.Moq
43private import semmle.code.csharp.frameworks.System
@@ -25,10 +24,10 @@ abstract class Sanitizer extends DataFlow::ExprNode { }
2524class NonEmptyStringLiteral extends Source {
2625 NonEmptyStringLiteral ( ) {
2726 exists ( StringLiteral literal |
28- this .getExpr ( ) = literal
29- and literal .getValue ( ) .length ( ) > 1
30- and literal .fromSource ( )
31- and not literal .getValue ( ) .matches ( "${%}" )
27+ this .getExpr ( ) = literal and
28+ literal .getValue ( ) .length ( ) > 1 and
29+ literal .fromSource ( ) and
30+ not literal .getValue ( ) .matches ( "${%}" )
3231 )
3332 }
3433}
@@ -42,8 +41,8 @@ class ByteArrayLiteral extends Source {
4241 any ( ArrayCreation ac |
4342 ac .getArrayType ( ) .getElementType ( ) instanceof ByteType and
4443 ac .hasInitializer ( )
45- )
46- and this .getExpr ( ) .fromSource ( )
44+ ) and
45+ this .getExpr ( ) .fromSource ( )
4746 }
4847}
4948
@@ -56,8 +55,8 @@ class CharArrayLiteral extends Source {
5655 any ( ArrayCreation ac |
5756 ac .getArrayType ( ) .getElementType ( ) instanceof CharType and
5857 ac .hasInitializer ( )
59- )
60- and this .getExpr ( ) .fromSource ( )
58+ ) and
59+ this .getExpr ( ) .fromSource ( )
6160 }
6261}
6362
@@ -67,9 +66,7 @@ class LiteralToSecurityKeyConfig extends TaintTracking::Configuration {
6766
6867 override predicate isSource ( DataFlow:: Node source ) { source instanceof Source }
6968
70- override predicate isSink ( DataFlow:: Node sink ) {
71- sink instanceof Sink
72- }
69+ override predicate isSink ( DataFlow:: Node sink ) { sink instanceof Sink }
7370
7471 override predicate isSanitizer ( DataFlow:: Node node ) { node instanceof Sanitizer }
7572}
@@ -78,49 +75,50 @@ class SymmetricSecurityKey extends Sink {
7875 SymmetricSecurityKey ( ) {
7976 exists ( ObjectCreation securityKey |
8077 securityKey .getAnArgument ( ) = this .getExpr ( ) and
81- securityKey . getType ( ) . getQualifiedName ( ) in [
82- "Microsoft.IdentityModel.Tokens.SymmetricSecurityKey" ,
83- "System .IdentityModel.Tokens.SymmetricSecurityKey"
84- ]
78+ securityKey
79+ . getType ( )
80+ . hasFullyQualifiedName ( [ "Microsoft .IdentityModel.Tokens" , "System.IdentityModel.Tokens" ] ,
81+ "SymmetricSecurityKey" )
8582 )
8683 }
8784}
8885
89-
90- /**
86+ /**
9187 * A result from a mock interface
9288 * Ignore values that are ultimately returned by mocks, as they don't represent "real" credentials.
93- */
89+ */
9490class MockSanitizer extends Sanitizer {
9591 MockSanitizer ( ) {
96- exists ( ReturnedByMockObject mock |
97- mock .getAMemberInitializationValue ( ) = this .asExpr ( )
98- or mock .getAnArgument ( ) = this .asExpr ( )
92+ exists ( ReturnedByMockObject mock |
93+ mock .getAMemberInitializationValue ( ) = this .asExpr ( ) or
94+ mock .getAnArgument ( ) = this .asExpr ( )
9995 )
10096 }
10197}
10298
103- /**
99+ /**
104100 * A result from a mock interface
105101 * The function is not itself marked as a mock, but all uses of it are in mocks.
106- */
102+ */
107103class MockSanitizer2 extends Sanitizer {
108104 MockSanitizer2 ( ) {
109105 exists ( Method method , ReturnedByMockObject mock |
110106 exists ( Call call |
111- call = method .getACall ( ) and method .getAChild * ( ) = this .asExpr ( ) and
107+ call = method .getACall ( ) and
108+ method .getAChild * ( ) = this .asExpr ( ) and
112109 (
113- mock .getAMemberInitializationValue ( ) .getAChild * ( ) = call
114- or mock .getAnArgument ( ) .getAChild * ( ) = call
110+ mock .getAMemberInitializationValue ( ) .getAChild * ( ) = call or
111+ mock .getAnArgument ( ) .getAChild * ( ) = call
115112 )
116- )
117- and not exists ( Call call |
118- call = method .getACall ( ) and method .getAChild * ( ) = this .asExpr ( ) and
113+ ) and
114+ not exists ( Call call |
115+ call = method .getACall ( ) and
116+ method .getAChild * ( ) = this .asExpr ( ) and
119117 not (
120- mock .getAMemberInitializationValue ( ) .getAChild * ( ) = call
121- or mock .getAnArgument ( ) .getAChild * ( ) = call
122- )
118+ mock .getAMemberInitializationValue ( ) .getAChild * ( ) = call or
119+ mock .getAnArgument ( ) .getAChild * ( ) = call
123120 )
121+ )
124122 )
125123 }
126124}
@@ -161,11 +159,12 @@ class ToStringSanitizer extends Sanitizer {
161159class ConfigurationSanitizer extends Sanitizer {
162160 ConfigurationSanitizer ( ) {
163161 exists ( Access configuration , MethodCall call |
164- configuration .getType ( ) .getQualifiedName ( ) in [
165- "Microsoft.Extensions.Configuration.IConfiguration" , "Microsoft.Extensions.Configuration.ConfigurationManager"
166- ]
167- and call .getQualifier ( ) = configuration
168- and call .getAnArgument ( ) = this .getExpr ( )
162+ configuration
163+ .getType ( )
164+ .hasFullyQualifiedName ( "Microsoft.Extensions.Configuration" ,
165+ [ "IConfiguration" , "ConfigurationManager" ] ) and
166+ call .getQualifier ( ) = configuration and
167+ call .getAnArgument ( ) = this .getExpr ( )
169168 )
170169 }
171170}
@@ -175,9 +174,14 @@ class ConfigurationSanitizer extends Sanitizer {
175174 */
176175class FileSanitizer extends Sanitizer {
177176 FileSanitizer ( ) {
178- exists ( Call c | c .getTarget ( ) .hasQualifiedName ( "System.IO.File" , [
179- "ReadAllBytes" , "ReadAllText" , "Open" , "OpenText" , "OpenRead" , "OpenHandle" , "ReadAllTextAsync" , "ReadAllBytesAsync" , "ReadAllLines" , "ReadAllLinesAsync" , "ReadLines" , "ReadLinesAsync" , "OpenTextAsync"
180- ] ) and
177+ exists ( Call c |
178+ c .getTarget ( )
179+ .hasFullyQualifiedName ( "System.IO.File" ,
180+ [
181+ "ReadAllBytes" , "ReadAllText" , "Open" , "OpenText" , "OpenRead" , "OpenHandle" ,
182+ "ReadAllTextAsync" , "ReadAllBytesAsync" , "ReadAllLines" , "ReadAllLinesAsync" ,
183+ "ReadLines" , "ReadLinesAsync" , "OpenTextAsync"
184+ ] ) and
181185 c .getAnArgument ( ) = this .getExpr ( )
182186 )
183187 }
@@ -207,7 +211,8 @@ class TestClassSanitizer extends Sanitizer {
207211 */
208212class TestNamespaceSanitizer extends Sanitizer {
209213 TestNamespaceSanitizer ( ) {
210- exists ( Namespace n | n .getName ( ) .matches ( [ "Test%" , "%Test" , "%Tests" , "Mock%" , "%Mocks" , "%Mock" , "Fake%" ] ) and
214+ exists ( Namespace n |
215+ n .getName ( ) .matches ( [ "Test%" , "%Test" , "%Tests" , "Mock%" , "%Mocks" , "%Mock" , "Fake%" ] ) and
211216 (
212217 this .getExpr ( ) = n .getAClass ( ) .getAMethod ( ) .getAChild * ( ) or
213218 this .getExpr ( ) = n .getAClass ( ) .getAField ( ) .getAChild * ( ) or
@@ -222,13 +227,18 @@ class TestNamespaceSanitizer extends Sanitizer {
222227 */
223228class DebugSanitizer extends Sanitizer {
224229 DebugSanitizer ( ) {
225- exists ( IfDirective if_d , EndifDirective endif_d , Location if_loc , Location endif_loc , Location loc |
230+ exists (
231+ IfDirective if_d , EndifDirective endif_d , Location if_loc , Location endif_loc , Location loc
232+ |
226233 loc = this .getLocation ( ) and
227- if_d .getCondition ( ) .toString ( ) = "DEBUG" and if_d .getEndifDirective ( ) = endif_d
228- and if_d .getLocation ( ) = if_loc and endif_d .getLocation ( ) = endif_loc
229- and loc .getStartLine ( ) > if_loc .getEndLine ( )
230- and loc .getEndLine ( ) < endif_loc .getStartLine ( )
231- and loc .getFile ( ) = if_loc .getFile ( )
234+ if_d .getCondition ( ) .toString ( ) = "DEBUG" and
235+ if_d .getEndifDirective ( ) = endif_d and
236+ if_d .getLocation ( ) = if_loc and
237+ endif_d .getLocation ( ) = endif_loc and
238+ loc .getStartLine ( ) > if_loc .getEndLine ( ) and
239+ loc .getEndLine ( ) < endif_loc .getStartLine ( ) and
240+ loc .getFile ( ) = if_loc .getFile ( )
232241 )
233242 }
234- }
243+ }
244+
0 commit comments