added support for remote flow sinks in the form of parameters to the function

mr-sherman · mr-sherman · commit 858c0e67a118 · 2021-03-22T19:27:49.000-04:00
ServiceStack.IRestClient.Get()
diff --git a/csharp/ql/src/semmle/code/csharp/frameworks/ServiceStack.qll b/csharp/ql/src/semmle/code/csharp/frameworks/ServiceStack.qll
@@ -78,7 +78,21 @@ module Sources {
         }
     }
 }
-
+/** Flow Sinks for the ServiceStack framework */
+module Sinks {
+    private import semmle.code.csharp.security.dataflow.flowsinks.Remote
+  
+    /** RemoteFlow sinks for service stack */
+    class ServiceStackRemoteRequestParameter extends RemoteFlowSink {
+      ServiceStackRemoteRequestParameter() {
+        exists(MethodCall mc |
+          mc.getTarget().hasQualifiedName("ServiceStack.IRestClient.Get") and
+          mc.getArgument(0) = this.asExpr()
+        )
+      }
+    }
+  }
+  
 /** SQLi support for the ServiceStack framework */
 module SQL {
     private import semmle.code.csharp.security.dataflow.SqlInjection::SqlInjection
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll
@@ -8,6 +8,7 @@ private import ExternalLocationSink
 private import Html
 private import semmle.code.csharp.security.dataflow.XSS
 private import semmle.code.csharp.frameworks.system.web.UI
+import semmle.code.csharp.frameworks.ServiceStack::Sinks
 
 /** A data flow sink of remote user output. */
 abstract class RemoteFlowSink extends DataFlow::Node { }
