Merge pull request #8559 from michaelnebel/csharp/generateflowmodelsscript

michaelnebel · web-flow · commit 1f72f6c2cd1b · 2022-04-05T08:43:22.000+02:00
C#: Generate Flow Models script
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
@@ -2078,7 +2078,7 @@ module Csv {
           + type + ";" //
           + getCallableOverride(c) + ";" //
           + name + ";" //
-          + "(" + parameterQualifiedTypeNamesToString(c) + ")" //
+          + "(" + parameterQualifiedTypeNamesToString(c) + ")" + ";" //
           + /* ext + */ ";" //
     )
   }
diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
@@ -1056,8 +1056,8 @@ module Private {
       |
         c.relevantSummary(input, output, preservesValue) and
         csv =
-          c.getCallableCsv() + ";" + getComponentStackCsv(input) + ";" +
-            getComponentStackCsv(output) + ";" + renderKind(preservesValue)
+          c.getCallableCsv() + getComponentStackCsv(input) + ";" + getComponentStackCsv(output) +
+            ";" + renderKind(preservesValue)
       )
     }
   }
diff --git a/csharp/ql/src/utils/model-generator/GenerateFlowModel.py b/csharp/ql/src/utils/model-generator/GenerateFlowModel.py
@@ -0,0 +1,15 @@
+#!/usr/bin/python3
+
+import sys
+import os.path
+import subprocess
+
+# Add Model as Data script directory to sys.path.
+gitroot = subprocess.check_output(["git", "rev-parse", "--show-toplevel"]).decode("utf-8").strip()
+madpath = os.path.join(gitroot, "misc/scripts/models-as-data/") # Note that this has been changed.
+sys.path.append(madpath)
+
+import generate_flow_model as model
+
+language = "csharp"
+model.Generator.make(language).run()
diff --git a/csharp/ql/test/utils/model-generator/CaptureSinkModels.expected b/csharp/ql/test/utils/model-generator/CaptureSinkModels.expected
@@ -1,4 +1,4 @@
-| Sinks;NewSinks;false;WrapFieldResponseWriteFile;();Argument[Qualifier];html |
-| Sinks;NewSinks;false;WrapPropResponseWriteFile;();Argument[Qualifier];html |
-| Sinks;NewSinks;false;WrapResponseWrite;(System.Object);Argument[0];html |
-| Sinks;NewSinks;false;WrapResponseWriteFile;(System.String);Argument[0];html |
+| Sinks;NewSinks;false;WrapFieldResponseWriteFile;();;Argument[Qualifier];html |
+| Sinks;NewSinks;false;WrapPropResponseWriteFile;();;Argument[Qualifier];html |
+| Sinks;NewSinks;false;WrapResponseWrite;(System.Object);;Argument[0];html |
+| Sinks;NewSinks;false;WrapResponseWriteFile;(System.String);;Argument[0];html |
diff --git a/csharp/ql/test/utils/model-generator/CaptureSourceModels.expected b/csharp/ql/test/utils/model-generator/CaptureSourceModels.expected
@@ -1,3 +1,3 @@
-| Sources;NewSources;false;WrapConsoleReadKey;();ReturnValue;local |
-| Sources;NewSources;false;WrapConsoleReadLine;();ReturnValue;local |
-| Sources;NewSources;false;WrapConsoleReadLineAndProcees;(System.String);ReturnValue;local |
+| Sources;NewSources;false;WrapConsoleReadKey;();;ReturnValue;local |
+| Sources;NewSources;false;WrapConsoleReadLine;();;ReturnValue;local |
+| Sources;NewSources;false;WrapConsoleReadLineAndProcees;(System.String);;ReturnValue;local |
diff --git a/csharp/ql/test/utils/model-generator/CaptureSummaryModels.expected b/csharp/ql/test/utils/model-generator/CaptureSummaryModels.expected
@@ -1,33 +1,33 @@
-| NoSummaries;PublicClassFlow;false;PublicReturn;(System.Int32);Argument[0];ReturnValue;taint |
-| Summaries;BaseClassFlow;true;ReturnParam;(System.Int32);Argument[0];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnField;();Argument[Qualifier];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnParam0;(System.String,System.Object);Argument[0];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnParam1;(System.String,System.Object);Argument[1];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);Argument[0];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);Argument[1];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnSubstring;(System.String);Argument[0];ReturnValue;taint |
-| Summaries;BasicFlow;false;ReturnThis;(System.Object);Argument[Qualifier];ReturnValue;value |
-| Summaries;BasicFlow;false;SetField;(System.String);Argument[0];Argument[Qualifier];taint |
-| Summaries;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List<System.String>);Argument[Qualifier];Argument[0].Element;taint |
-| Summaries;CollectionFlow;false;AddToList;(System.Collections.Generic.List<System.Object>,System.Object);Argument[1];Argument[0].Element;taint |
-| Summaries;CollectionFlow;false;AssignFieldToArray;(System.Object[]);Argument[Qualifier];Argument[0].Element;taint |
-| Summaries;CollectionFlow;false;AssignToArray;(System.Int32,System.Int32[]);Argument[0];Argument[1].Element;taint |
-| Summaries;CollectionFlow;false;ReturnArrayElement;(System.Int32[]);Argument[0].Element;ReturnValue;taint |
-| Summaries;CollectionFlow;false;ReturnFieldInAList;();Argument[Qualifier];ReturnValue;taint |
-| Summaries;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List<System.Object>);Argument[0].Element;ReturnValue;taint |
-| Summaries;DerivedClass1Flow;false;ReturnParam1;(System.Int32,System.Int32);Argument[1];ReturnValue;taint |
-| Summaries;DerivedClass2Flow;false;ReturnParam0;(System.Int32,System.Int32);Argument[0];ReturnValue;taint |
-| Summaries;DerivedClass2Flow;false;ReturnParam;(System.Int32);Argument[0];ReturnValue;taint |
-| Summaries;EqualsGetHashCodeNoFlow;false;Equals;(System.Int32);Argument[0];ReturnValue;taint |
-| Summaries;GenericFlow<>;false;AddFieldToGenericList;(System.Collections.Generic.List<T>);Argument[Qualifier];Argument[0].Element;taint |
-| Summaries;GenericFlow<>;false;AddToGenericList<>;(System.Collections.Generic.List<S>,S);Argument[1];Argument[0].Element;taint |
-| Summaries;GenericFlow<>;false;ReturnFieldInGenericList;();Argument[Qualifier];ReturnValue;taint |
-| Summaries;GenericFlow<>;false;ReturnGenericElement<>;(System.Collections.Generic.List<S>);Argument[0].Element;ReturnValue;taint |
-| Summaries;GenericFlow<>;false;ReturnGenericField;();Argument[Qualifier];ReturnValue;taint |
-| Summaries;GenericFlow<>;false;ReturnGenericParam<>;(S);Argument[0];ReturnValue;taint |
-| Summaries;GenericFlow<>;false;SetGenericField;(T);Argument[0];Argument[Qualifier];taint |
-| Summaries;IEnumerableFlow;false;ReturnFieldInIEnumerable;();Argument[Qualifier];ReturnValue;taint |
-| Summaries;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable<System.String>);Argument[0].Element;ReturnValue;taint |
-| Summaries;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable<System.Object>);Argument[0].Element;ReturnValue;taint |
-| Summaries;OperatorFlow;false;OperatorFlow;(System.Object);Argument[0];Argument[Qualifier];taint |
-| Summaries;OperatorFlow;false;op_Addition;(Summaries.OperatorFlow,Summaries.OperatorFlow);Argument[0];ReturnValue;taint |
+| NoSummaries;PublicClassFlow;false;PublicReturn;(System.Int32);;Argument[0];ReturnValue;taint |
+| Summaries;BaseClassFlow;true;ReturnParam;(System.Int32);;Argument[0];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnField;();;Argument[Qualifier];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnParam0;(System.String,System.Object);;Argument[0];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnParam1;(System.String,System.Object);;Argument[1];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[0];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnParamMultiple;(System.Object,System.Object);;Argument[1];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnSubstring;(System.String);;Argument[0];ReturnValue;taint |
+| Summaries;BasicFlow;false;ReturnThis;(System.Object);;Argument[Qualifier];ReturnValue;value |
+| Summaries;BasicFlow;false;SetField;(System.String);;Argument[0];Argument[Qualifier];taint |
+| Summaries;CollectionFlow;false;AddFieldToList;(System.Collections.Generic.List<System.String>);;Argument[Qualifier];Argument[0].Element;taint |
+| Summaries;CollectionFlow;false;AddToList;(System.Collections.Generic.List<System.Object>,System.Object);;Argument[1];Argument[0].Element;taint |
+| Summaries;CollectionFlow;false;AssignFieldToArray;(System.Object[]);;Argument[Qualifier];Argument[0].Element;taint |
+| Summaries;CollectionFlow;false;AssignToArray;(System.Int32,System.Int32[]);;Argument[0];Argument[1].Element;taint |
+| Summaries;CollectionFlow;false;ReturnArrayElement;(System.Int32[]);;Argument[0].Element;ReturnValue;taint |
+| Summaries;CollectionFlow;false;ReturnFieldInAList;();;Argument[Qualifier];ReturnValue;taint |
+| Summaries;CollectionFlow;false;ReturnListElement;(System.Collections.Generic.List<System.Object>);;Argument[0].Element;ReturnValue;taint |
+| Summaries;DerivedClass1Flow;false;ReturnParam1;(System.Int32,System.Int32);;Argument[1];ReturnValue;taint |
+| Summaries;DerivedClass2Flow;false;ReturnParam0;(System.Int32,System.Int32);;Argument[0];ReturnValue;taint |
+| Summaries;DerivedClass2Flow;false;ReturnParam;(System.Int32);;Argument[0];ReturnValue;taint |
+| Summaries;EqualsGetHashCodeNoFlow;false;Equals;(System.Int32);;Argument[0];ReturnValue;taint |
+| Summaries;GenericFlow<>;false;AddFieldToGenericList;(System.Collections.Generic.List<T>);;Argument[Qualifier];Argument[0].Element;taint |
+| Summaries;GenericFlow<>;false;AddToGenericList<>;(System.Collections.Generic.List<S>,S);;Argument[1];Argument[0].Element;taint |
+| Summaries;GenericFlow<>;false;ReturnFieldInGenericList;();;Argument[Qualifier];ReturnValue;taint |
+| Summaries;GenericFlow<>;false;ReturnGenericElement<>;(System.Collections.Generic.List<S>);;Argument[0].Element;ReturnValue;taint |
+| Summaries;GenericFlow<>;false;ReturnGenericField;();;Argument[Qualifier];ReturnValue;taint |
+| Summaries;GenericFlow<>;false;ReturnGenericParam<>;(S);;Argument[0];ReturnValue;taint |
+| Summaries;GenericFlow<>;false;SetGenericField;(T);;Argument[0];Argument[Qualifier];taint |
+| Summaries;IEnumerableFlow;false;ReturnFieldInIEnumerable;();;Argument[Qualifier];ReturnValue;taint |
+| Summaries;IEnumerableFlow;false;ReturnIEnumerable;(System.Collections.Generic.IEnumerable<System.String>);;Argument[0].Element;ReturnValue;taint |
+| Summaries;IEnumerableFlow;false;ReturnIEnumerableElement;(System.Collections.Generic.IEnumerable<System.Object>);;Argument[0].Element;ReturnValue;taint |
+| Summaries;OperatorFlow;false;OperatorFlow;(System.Object);;Argument[0];Argument[Qualifier];taint |
+| Summaries;OperatorFlow;false;op_Addition;(Summaries.OperatorFlow,Summaries.OperatorFlow);;Argument[0];ReturnValue;taint |
diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll
@@ -1056,8 +1056,8 @@ module Private {
       |
         c.relevantSummary(input, output, preservesValue) and
         csv =
-          c.getCallableCsv() + ";" + getComponentStackCsv(input) + ";" +
-            getComponentStackCsv(output) + ";" + renderKind(preservesValue)
+          c.getCallableCsv() + getComponentStackCsv(input) + ";" + getComponentStackCsv(output) +
+            ";" + renderKind(preservesValue)
       )
     }
   }
diff --git a/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll b/ruby/ql/lib/codeql/ruby/dataflow/internal/FlowSummaryImpl.qll
@@ -1056,8 +1056,8 @@ module Private {
       |
         c.relevantSummary(input, output, preservesValue) and
         csv =
-          c.getCallableCsv() + ";" + getComponentStackCsv(input) + ";" +
-            getComponentStackCsv(output) + ";" + renderKind(preservesValue)
+          c.getCallableCsv() + getComponentStackCsv(input) + ";" + getComponentStackCsv(output) +
+            ";" + renderKind(preservesValue)
       )
     }
   }

Original file line number	Diff line number	Diff line change
`@@ -2078,7 +2078,7 @@ module Csv {`
`2078`	`2078`	`+ type + ";" //`
`2079`	`2079`	`+ getCallableOverride(c) + ";" //`
`2080`	`2080`	`+ name + ";" //`
`2081`		`- + "(" + parameterQualifiedTypeNamesToString(c) + ")" //`
	`2081`	`+ + "(" + parameterQualifiedTypeNamesToString(c) + ")" + ";" //`
`2082`	`2082`	`+ /* ext + */ ";" //`
`2083`	`2083`	`)`
`2084`	`2084`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1056,8 +1056,8 @@ module Private {`
`1056`	`1056`	`\|`
`1057`	`1057`	`c.relevantSummary(input, output, preservesValue) and`
`1058`	`1058`	`csv =`
`1059`		`- c.getCallableCsv() + ";" + getComponentStackCsv(input) + ";" +`
`1060`		`- getComponentStackCsv(output) + ";" + renderKind(preservesValue)`
	`1059`	`+ c.getCallableCsv() + getComponentStackCsv(input) + ";" + getComponentStackCsv(output) +`
	`1060`	`+ ";" + renderKind(preservesValue)`
`1061`	`1061`	`)`
`1062`	`1062`	`}`
`1063`	`1063`	`}`