Merge pull request #10127 from michaelnebel/csharp/clearscontent

C#: Replace clears content with CSV summaries.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -102,6 +102,7 @@ private module Frameworks {
   private import semmle.code.csharp.frameworks.ServiceStack
   private import semmle.code.csharp.frameworks.Sql
   private import semmle.code.csharp.frameworks.System
+  private import semmle.code.csharp.frameworks.system.CodeDom
   private import semmle.code.csharp.frameworks.system.Collections
   private import semmle.code.csharp.frameworks.system.collections.Concurrent
   private import semmle.code.csharp.frameworks.system.collections.Generic
@@ -110,6 +111,7 @@ private module Frameworks {
   private import semmle.code.csharp.frameworks.system.collections.Specialized
   private import semmle.code.csharp.frameworks.system.ComponentModel
   private import semmle.code.csharp.frameworks.system.componentmodel.Design
+  private import semmle.code.csharp.frameworks.system.Configuration
   private import semmle.code.csharp.frameworks.system.Data
   private import semmle.code.csharp.frameworks.system.data.Common
   private import semmle.code.csharp.frameworks.system.Diagnostics
@@ -121,6 +123,7 @@ private module Frameworks {
   private import semmle.code.csharp.frameworks.system.IO
   private import semmle.code.csharp.frameworks.system.io.Compression
   private import semmle.code.csharp.frameworks.system.runtime.CompilerServices
+  private import semmle.code.csharp.frameworks.system.Security
   private import semmle.code.csharp.frameworks.system.security.Cryptography
   private import semmle.code.csharp.frameworks.system.security.cryptography.X509Certificates
   private import semmle.code.csharp.frameworks.system.Text

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll

@@ -226,15 +226,6 @@ module Public {
       none()
     }
 
-    /**
-     * Holds if values stored inside `content` are cleared on objects passed as
-     * arguments at position `pos` to this callable.
-     *
-     * TODO: Remove once all languages support `WithoutContent` tokens.
-     */
-    pragma[nomagic]
-    predicate clearsContent(ParameterPosition pos, ContentSet content) { none() }
-
     /**
      * Holds if the summary is auto generated.
      */
@@ -328,23 +319,6 @@ module Private {
           SummaryComponentStack::singleton(TArgumentSummaryComponent(_))) and
       preservesValue = preservesValue1.booleanAnd(preservesValue2)
     )
-    or
-    exists(ParameterPosition ppos, ContentSet cs |
-      c.clearsContent(ppos, cs) and
-      input = SummaryComponentStack::push(SummaryComponent::withoutContent(cs), output) and
-      output = SummaryComponentStack::argument(ppos) and
-      preservesValue = true
-    )
-  }
-
-  private class MkClearStack extends RequiredSummaryComponentStack {
-    override predicate required(SummaryComponent head, SummaryComponentStack tail) {
-      exists(SummarizedCallable sc, ParameterPosition ppos, ContentSet cs |
-        sc.clearsContent(ppos, cs) and
-        head = SummaryComponent::withoutContent(cs) and
-        tail = SummaryComponentStack::argument(ppos)
-      )
-    }
   }
 
   /**
@@ -945,8 +919,7 @@ module Private {
         AccessPath inSpec, AccessPath outSpec, string kind
       ) {
         summaryElement(this, inSpec, outSpec, kind, true) and
-        not summaryElement(this, _, _, _, false) and
-        not this.clearsContent(_, _)
+        not summaryElement(this, _, _, _, false)
       }
 
       private predicate relevantSummaryElement(AccessPath inSpec, AccessPath outSpec, string kind) {

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll

@@ -163,6 +163,10 @@ bindingset[c]
 SummaryComponent interpretComponentSpecific(AccessPathToken c) {
   c = "Element" and result = SummaryComponent::content(any(ElementContent ec))
   or
+  c = "WithoutElement" and result = SummaryComponent::withoutContent(any(ElementContent ec))
+  or
+  c = "WithElement" and result = SummaryComponent::withContent(any(ElementContent ec))
+  or
   // Qualified names may contain commas,such as in `Tuple<,>`, so get the entire argument list
   // rather than an individual argument.
   exists(Field f |
@@ -199,6 +203,10 @@ private string getContentSpecificCsv(Content c) {
 string getComponentSpecificCsv(SummaryComponent sc) {
   exists(Content c | sc = TContentSummaryComponent(c) and result = getContentSpecificCsv(c))
   or
+  exists(Content c | sc = TWithoutContentSummaryComponent(c) and result = "WithoutElement")
+  or
+  exists(Content c | sc = TWithContentSummaryComponent(c) and result = "WithElement")
+  or
   exists(ReturnKind rk |
     sc = TReturnSummaryComponent(rk) and
     result = "ReturnValue[" + rk + "]" and

csharp/ql/lib/semmle/code/csharp/frameworks/System.qll

@@ -71,6 +71,8 @@ private class SystemArrayFlowModelCsv extends SummaryModelCsv {
     row =
       [
         "System;Array;false;AsReadOnly<>;(T[]);;Argument[0].Element;ReturnValue.Element;value;manual",
+        "System;Array;false;Clear;(System.Array,System.Int32,System.Int32);;Argument[0].WithoutElement;Argument[0];value;manual",
+        "System;Array;false;Clear;(System.Array);;Argument[0].WithoutElement;Argument[0];value;manual",
         "System;Array;false;Clone;();;Argument[0].Element;ReturnValue.Element;value;manual",
         "System;Array;false;CopyTo;(System.Array,System.Int64);;Argument[this].Element;Argument[0].Element;value;manual",
         "System;Array;false;Find<>;(T[],System.Predicate<T>);;Argument[0].Element;Argument[1].Parameter[0];value;manual",

csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/VisualBasic.qll

@@ -7,6 +7,7 @@ private class MicrosoftVisualBasicCollectionFlowModelCsv extends SummaryModelCsv
   override predicate row(string row) {
     row =
       [
+        "Microsoft.VisualBasic;Collection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "Microsoft.VisualBasic;Collection;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual",
         "Microsoft.VisualBasic;Collection;false;get_Item;(System.Int32);;Argument[this].Element;ReturnValue;value;manual",
         "Microsoft.VisualBasic;Collection;false;get_Item;(System.Object);;Argument[this].Element;ReturnValue;value;manual",

csharp/ql/lib/semmle/code/csharp/frameworks/system/CodeDom.qll

@@ -2,6 +2,7 @@
 
 import csharp
 private import semmle.code.csharp.frameworks.System
+private import semmle.code.csharp.dataflow.ExternalFlow
 
 /** The `System.CodeDome` namespace. */
 class SystemCodeDomNamespace extends Namespace {
@@ -10,3 +11,11 @@ class SystemCodeDomNamespace extends Namespace {
     this.hasName("CodeDom")
   }
 }
+
+/** Data flow for `System.CodeDom.CodeNamespaceImportCollection`. */
+private class SystemCodeDomCodeNamespaceImportCollectionFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      "System.CodeDom;CodeNamespaceImportCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual"
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Collections.qll

@@ -46,20 +46,6 @@ private class SystemCollectionIEnumerableFlowModelCsv extends SummaryModelCsv {
   }
 }
 
-/** Clear content for Clear methods in all subtypes of `System.Collections.IEnumerable`. */
-private class SystemCollectionsIEnumerableClearFlow extends SummarizedCallable {
-  SystemCollectionsIEnumerableClearFlow() {
-    this.getDeclaringType().(RefType).getABaseType*() instanceof
-      SystemCollectionsIEnumerableInterface and
-    this.hasName("Clear")
-  }
-
-  override predicate clearsContent(ParameterPosition pos, DataFlow::ContentSet content) {
-    (if this.(Modifiable).isStatic() then pos.getPosition() = 0 else pos.isThisParameter()) and
-    content instanceof DataFlow::ElementContent
-  }
-}
-
 /** The `System.Collections.IEnumerator` interface. */
 class SystemCollectionsIEnumeratorInterface extends SystemCollectionsInterface {
   SystemCollectionsIEnumeratorInterface() { this.hasName("IEnumerator") }
@@ -96,6 +82,7 @@ private class SystemCollectionsIListFlowModelCsv extends SummaryModelCsv {
     row =
       [
         "System.Collections;IList;true;Add;(System.Object);;Argument[0];Argument[this].Element;value;manual",
+        "System.Collections;IList;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Collections;IList;true;Insert;(System.Int32,System.Object);;Argument[1];Argument[this].Element;value;manual",
         "System.Collections;IList;true;get_Item;(System.Int32);;Argument[this].Element;ReturnValue;value;manual",
         "System.Collections;IList;true;set_Item;(System.Int32,System.Object);;Argument[1];Argument[this].Element;value;manual",
@@ -115,6 +102,7 @@ private class SystemCollectionsIDictionaryFlowModelCsv extends SummaryModelCsv {
       [
         "System.Collections;IDictionary;true;Add;(System.Object,System.Object);;Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];value;manual",
         "System.Collections;IDictionary;true;Add;(System.Object,System.Object);;Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual",
+        "System.Collections;IDictionary;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Collections;IDictionary;true;get_Item;(System.Object);;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];ReturnValue;value;manual",
         "System.Collections;IDictionary;true;get_Keys;();;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];ReturnValue.Element;value;manual",
         "System.Collections;IDictionary;true;get_Values;();;Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];ReturnValue.Element;value;manual",
@@ -194,6 +182,7 @@ private class SystemCollectionsQueueFlowModelCsv extends SummaryModelCsv {
   override predicate row(string row) {
     row =
       [
+        "System.Collections;Queue;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Collections;Queue;false;Clone;();;Argument[0].Element;ReturnValue.Element;value;manual",
         "System.Collections;Queue;false;Peek;();;Argument[this].Element;ReturnValue;value;manual",
       ]
@@ -205,6 +194,7 @@ private class SystemCollectionsStackFlowModelCsv extends SummaryModelCsv {
   override predicate row(string row) {
     row =
       [
+        "System.Collections;Stack;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Collections;Stack;false;Clone;();;Argument[0].Element;ReturnValue.Element;value;manual",
         "System.Collections;Stack;false;Peek;();;Argument[this].Element;ReturnValue;value;manual",
         "System.Collections;Stack;false;Pop;();;Argument[this].Element;ReturnValue;value;manual",

csharp/ql/lib/semmle/code/csharp/frameworks/system/ComponentModel.qll

@@ -12,6 +12,7 @@ private class SystemComponentModelPropertyDescriptorCollectionFlowModelCsv exten
         "System.ComponentModel;PropertyDescriptorCollection;false;Add;(System.ComponentModel.PropertyDescriptor);;Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual",
         "System.ComponentModel;PropertyDescriptorCollection;false;Add;(System.Object);;Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Key];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Key];value;manual",
         "System.ComponentModel;PropertyDescriptorCollection;false;Add;(System.Object);;Argument[0].Property[System.Collections.Generic.KeyValuePair<,>.Value];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair<,>.Value];value;manual",
+        "System.ComponentModel;PropertyDescriptorCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.ComponentModel;PropertyDescriptorCollection;false;Find;(System.String,System.Boolean);;Argument[this].Element;ReturnValue;value;manual",
         "System.ComponentModel;PropertyDescriptorCollection;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual",
         "System.ComponentModel;PropertyDescriptorCollection;false;Insert;(System.Int32,System.ComponentModel.PropertyDescriptor);;Argument[1];Argument[this].Element;value;manual",
@@ -37,6 +38,7 @@ private class SystemComponentModelEventDescriptorCollectionFlowModelCsv extends
     row =
       [
         "System.ComponentModel;EventDescriptorCollection;false;Add;(System.ComponentModel.EventDescriptor);;Argument[0];Argument[this].Element;value;manual",
+        "System.ComponentModel;EventDescriptorCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.ComponentModel;EventDescriptorCollection;false;Find;(System.String,System.Boolean);;Argument[this].Element;ReturnValue;value;manual",
         "System.ComponentModel;EventDescriptorCollection;false;GetEnumerator;();;Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual",
         "System.ComponentModel;EventDescriptorCollection;false;Insert;(System.Int32,System.ComponentModel.EventDescriptor);;Argument[1];Argument[this].Element;value;manual",

csharp/ql/lib/semmle/code/csharp/frameworks/system/Configuration.qll

@@ -0,0 +1,26 @@
+/** Provides definitions related to the namespace `System.Configuration`. */
+
+import csharp
+private import semmle.code.csharp.dataflow.ExternalFlow
+
+/** Data flow for some collection classes in `System.Configuration.*`. */
+private class SystemClearFlowModelCsv extends SummaryModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        "System.Configuration;CommaDelimitedStringCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;ConfigurationLockCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;ConfigurationPropertyCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;ConfigurationSectionCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;ConfigurationSectionGroupCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;ConnectionStringSettingsCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;KeyValueConfigurationCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;NameValueConfigurationCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;ProviderSettingsCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;SettingElementCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;SettingsPropertyCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration;SettingsPropertyValueCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+        "System.Configuration.Provider;ProviderCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
+      ]
+  }
+}

csharp/ql/lib/semmle/code/csharp/frameworks/system/Data.qll

@@ -150,6 +150,7 @@ private class SystemDataConstraintCollectionFlowModelCsv extends SummaryModelCsv
       [
         "System.Data;ConstraintCollection;false;Add;(System.Data.Constraint);;Argument[0];Argument[this].Element;value;manual",
         "System.Data;ConstraintCollection;false;AddRange;(System.Data.Constraint[]);;Argument[0].Element;Argument[this].Element;value;manual",
+        "System.Data;ConstraintCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Data;ConstraintCollection;false;CopyTo;(System.Data.Constraint[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual",
       ]
   }
@@ -163,6 +164,7 @@ private class SystemDataDataColumnCollectionFlowModelCsv extends SummaryModelCsv
         "System.Data;DataColumnCollection;false;Add;(System.Data.DataColumn);;Argument[0];Argument[this].Element;value;manual",
         "System.Data;DataColumnCollection;false;Add;(System.String);;Argument[0];Argument[this].Element;value;manual",
         "System.Data;DataColumnCollection;false;AddRange;(System.Data.DataColumn[]);;Argument[0].Element;Argument[this].Element;value;manual",
+        "System.Data;DataColumnCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Data;DataColumnCollection;false;CopyTo;(System.Data.DataColumn[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual",
       ]
   }
@@ -174,6 +176,7 @@ private class SystemDataDataRelationCollectionFlowModelCsv extends SummaryModelC
     row =
       [
         "System.Data;DataRelationCollection;false;Add;(System.Data.DataRelation);;Argument[0];Argument[this].Element;value;manual",
+        "System.Data;DataRelationCollection;true;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Data;DataRelationCollection;false;CopyTo;(System.Data.DataRelation[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual",
         "System.Data;DataRelationCollection;true;AddRange;(System.Data.DataRelation[]);;Argument[0].Element;Argument[this].Element;value;manual",
       ]
@@ -187,6 +190,7 @@ private class SystemDataDataRawCollectionFlowModelCsv extends SummaryModelCsv {
       [
         "System.Data;DataRowCollection;false;Add;(System.Data.DataRow);;Argument[0];Argument[this].Element;value;manual",
         "System.Data;DataRowCollection;false;Add;(System.Object[]);;Argument[0];Argument[this].Element;value;manual",
+        "System.Data;DataRowCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Data;DataRowCollection;false;CopyTo;(System.Data.DataRow[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual",
         "System.Data;DataRowCollection;false;Find;(System.Object);;Argument[this].Element;ReturnValue;value;manual",
         "System.Data;DataRowCollection;false;Find;(System.Object[]);;Argument[this].Element;ReturnValue;value;manual",
@@ -202,6 +206,7 @@ private class SystemDataDataTableCollectionFlowModelCsv extends SummaryModelCsv
         "System.Data;DataTableCollection;false;Add;(System.Data.DataTable);;Argument[0];Argument[this].Element;value;manual",
         "System.Data;DataTableCollection;false;Add;(System.String);;Argument[0];Argument[this].Element;value;manual",
         "System.Data;DataTableCollection;false;AddRange;(System.Data.DataTable[]);;Argument[0].Element;Argument[this].Element;value;manual",
+        "System.Data;DataTableCollection;false;Clear;();;Argument[this].WithoutElement;Argument[this];value;manual",
         "System.Data;DataTableCollection;false;CopyTo;(System.Data.DataTable[],System.Int32);;Argument[this].Element;Argument[0].Element;value;manual",
       ]
   }