Skip to content

Commit 1cd37dd

Browse files
committed
C#: Convert System.Net.WebUtility flow to CSV format.
1 parent 07a4f5f commit 1cd37dd

2 files changed

Lines changed: 12 additions & 16 deletions

File tree

csharp/ql/lib/semmle/code/csharp/dataflow/LibraryTypeDataFlow.qll

Lines changed: 0 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1999,22 +1999,6 @@ class SystemWebHttpServerUtilityFlow extends LibraryTypeDataFlow, SystemWebHttpS
19991999
}
20002000
}
20012001

2002-
/** Data flow for `System.Net.WebUtility`. */
2003-
class SystemNetWebUtilityFlow extends LibraryTypeDataFlow, SystemNetWebUtility {
2004-
override predicate callableFlow(
2005-
CallableFlowSource source, CallableFlowSink sink, SourceDeclarationCallable c,
2006-
boolean preservesValue
2007-
) {
2008-
(
2009-
c = this.getAnHtmlEncodeMethod() or
2010-
c = this.getAnUrlEncodeMethod()
2011-
) and
2012-
source = TCallableFlowSourceArg(0) and
2013-
sink = TCallableFlowSinkReturn() and
2014-
preservesValue = false
2015-
}
2016-
}
2017-
20182002
/**
20192003
* Custom flow through `StringValues` library class.
20202004
*/

csharp/ql/lib/semmle/code/csharp/frameworks/system/Net.qll

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -28,6 +28,18 @@ class SystemNetWebUtility extends SystemNetClass {
2828
Method getAnUrlEncodeMethod() { result = this.getAMethod("UrlEncode") }
2929
}
3030

31+
/** Data flow for `System.Net.WebUtility`. */
32+
private class SystemNetWebUtilityFlowModelCsv extends SummaryModelCsv {
33+
override predicate row(string row) {
34+
row =
35+
[
36+
"System.Net;WebUtility;false;HtmlEncode;(System.String);;Argument[0];ReturnValue;taint",
37+
"System.Net;WebUtility;false;HtmlEncode;(System.String,System.IO.TextWriter);;Argument[0];ReturnValue;taint",
38+
"System.Net;WebUtility;false;UrlEncode;(System.String);;Argument[0];ReturnValue;taint"
39+
]
40+
}
41+
}
42+
3143
/** The `System.Net.HttpListenerResponse` class. */
3244
class SystemNetHttpListenerResponseClass extends SystemNetClass {
3345
SystemNetHttpListenerResponseClass() { this.hasName("HttpListenerResponse") }

0 commit comments

Comments
 (0)