C#: Update queries to use localExprFlow.

calumgrant · calumgrant · commit 27062384135a · 2019-10-04T16:53:02.000+01:00
diff --git a/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql b/csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
@@ -32,7 +32,7 @@ predicate returnsCollection(Callable c, Field f) {
 predicate mayWriteToCollection(Expr modified) {
   modified instanceof CollectionModificationAccess
   or
-  exists(Expr mid | mayWriteToCollection(mid) | localFlow(exprNode(modified), exprNode(mid)))
+  exists(Expr mid | mayWriteToCollection(mid) | localExprFlow(modified, mid))
   or
   exists(MethodCall mid, Callable c | mayWriteToCollection(mid) |
     mid.getTarget() = c and
diff --git a/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql b/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
@@ -62,7 +62,7 @@ predicate nonEscapingCall(Call c) {
 predicate mayEscape(LocalVariable v) {
   exists(Callable c, Expr e, Expr succ | c = getACapturingCallableAncestor(v) |
     e = getADelegateExpr(c) and
-    DataFlow::localFlow(DataFlow::exprNode(e), DataFlow::exprNode(succ)) and
+    DataFlow::localExprFlow(e, succ) and
     not succ = any(DelegateCall dc).getDelegateExpr() and
     not succ = any(Cast cast).getExpr() and
     not succ = any(Call call | nonEscapingCall(call)).getAnArgument() and
diff --git a/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql b/csharp/ql/src/Security Features/CWE-119/LocalUnvalidatedArithmetic.ql
@@ -22,10 +22,10 @@ where
   // `add` is performing pointer arithmetic
   add.getType() instanceof PointerType and
   // one of the operands comes, in zero or more steps, from a virtual method call
-  DataFlow::localFlow(DataFlow::exprNode(taintSrc), DataFlow::exprNode(add.getAnOperand())) and
+  DataFlow::localExprFlow(taintSrc, add.getAnOperand()) and
   // virtual method call result has not been validated
   not exists(Expr check, ComparisonOperation cmp |
-    DataFlow::localFlow(DataFlow::exprNode(taintSrc), DataFlow::exprNode(check))
+    DataFlow::localExprFlow(taintSrc, check)
   |
     cmp.getAnOperand() = check and
     add.getAnOperand().(GuardedExpr).isGuardedBy(cmp, check, _)
diff --git a/csharp/ql/src/semmle/code/csharp/Property.qll b/csharp/ql/src/semmle/code/csharp/Property.qll
@@ -520,7 +520,7 @@ class IndexerProperty extends Property {
   pragma[nomagic]
   private IndexerCall getAnIndexerCall0() {
     exists(Expr qualifier | qualifier = result.getQualifier() |
-      DataFlow::localFlow(DataFlow::exprNode(this.getAnAccess()), DataFlow::exprNode(qualifier))
+      DataFlow::localExprFlow(this.getAnAccess(), qualifier)
     )
   }
 
diff --git a/csharp/ql/src/semmle/code/csharp/frameworks/system/Xml.qll b/csharp/ql/src/semmle/code/csharp/frameworks/system/Xml.qll
@@ -156,7 +156,7 @@ class XmlReaderSettingsCreation extends ObjectCreation {
     p = this.getType().(RefType).getAProperty() and
     exists(PropertyCall set, Expr arg |
       set.getTarget() = p.getSetter() and
-      DataFlow::localFlow(DataFlow::exprNode(this), DataFlow::exprNode(set.getQualifier())) and
+      DataFlow::localExprFlow(this, set.getQualifier()) and
       arg = set.getAnArgument() and
       result = getBitwiseOrOperand*(arg)
     )
diff --git a/csharp/ql/src/semmle/code/csharp/frameworks/system/text/RegularExpressions.qll b/csharp/ql/src/semmle/code/csharp/frameworks/system/text/RegularExpressions.qll
@@ -71,7 +71,7 @@ class RegexOperation extends Call {
       |
         // e.g. `new Regex(...).Match(...)`
         // or   `var r = new Regex(...); r.Match(...)`
-        DataFlow::localFlow(DataFlow::exprNode(this), DataFlow::exprNode(call.getQualifier()))
+        DataFlow::localExprFlow(this, call.getQualifier())
         or
         // e.g. `private string r = new Regex(...); public void foo() { r.Match(...); }`
         call.getQualifier().(FieldAccess).getTarget().getInitializer() = this
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/ZipSlip.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/ZipSlip.qll
@@ -142,7 +142,7 @@ module ZipSlip {
       // not yet been resolved.
       not exists(MethodCall combineCall |
         combineCall.getTarget().hasQualifiedName("System.IO.Path", "Combine") and
-        DataFlow::localFlow(DataFlow::exprNode(combineCall), DataFlow::exprNode(q))
+        DataFlow::localExprFlow(combineCall, q)
       )
     }
 
diff --git a/csharp/ql/src/semmle/code/csharp/security/xml/InsecureXML.qll b/csharp/ql/src/semmle/code/csharp/security/xml/InsecureXML.qll
@@ -87,8 +87,7 @@ module InsecureXML {
     or
     // values set on var that create is assigned to
     exists(Assignment propAssign |
-      DataFlow::localFlow(DataFlow::exprNode(create),
-        DataFlow::exprNode(propAssign.getLValue().(PropertyAccess).getQualifier())) and
+      DataFlow::localExprFlow(create, propAssign.getLValue().(PropertyAccess).getQualifier()) and
       propAssign.getLValue().(PropertyAccess).getTarget().hasName(prop) and
       result = propAssign.getRValue()
     )
@@ -253,9 +252,7 @@ module InsecureXML {
       }
 
       override predicate isUnsafe(string reason) {
-        exists(ObjectCreation creation |
-          DataFlow::localFlow(DataFlow::exprNode(creation), DataFlow::exprNode(this.getQualifier()))
-        |
+        exists(ObjectCreation creation | DataFlow::localExprFlow(creation, this.getQualifier()) |
           not exists(Expr xmlResolverVal |
             isSafeXmlResolver(xmlResolverVal) and
             xmlResolverVal = getAValueForProp(creation, "XmlResolver")

Original file line number	Diff line number	Diff line change
`@@ -520,7 +520,7 @@ class IndexerProperty extends Property {`
`520`	`520`	`pragma[nomagic]`
`521`	`521`	`private IndexerCall getAnIndexerCall0() {`
`522`	`522`	`exists(Expr qualifier \| qualifier = result.getQualifier() \|`
`523`		`- DataFlow::localFlow(DataFlow::exprNode(this.getAnAccess()), DataFlow::exprNode(qualifier))`
	`523`	`+ DataFlow::localExprFlow(this.getAnAccess(), qualifier)`
`524`	`524`	`)`
`525`	`525`	`}`
`526`	`526`
Original file line number	Diff line number	Diff line change
`@@ -156,7 +156,7 @@ class XmlReaderSettingsCreation extends ObjectCreation {`
`156`	`156`	`p = this.getType().(RefType).getAProperty() and`
`157`	`157`	`exists(PropertyCall set, Expr arg \|`
`158`	`158`	`set.getTarget() = p.getSetter() and`
`159`		`- DataFlow::localFlow(DataFlow::exprNode(this), DataFlow::exprNode(set.getQualifier())) and`
	`159`	`+ DataFlow::localExprFlow(this, set.getQualifier()) and`
`160`	`160`	`arg = set.getAnArgument() and`
`161`	`161`	`result = getBitwiseOrOperand*(arg)`
`162`	`162`	`)`
Original file line number	Diff line number	Diff line change
`@@ -71,7 +71,7 @@ class RegexOperation extends Call {`
`71`	`71`	`\|`
`72`	`72`	// e.g. `new Regex(...).Match(...)`
`73`	`73`	// or `var r = new Regex(...); r.Match(...)`
`74`		`- DataFlow::localFlow(DataFlow::exprNode(this), DataFlow::exprNode(call.getQualifier()))`
	`74`	`+ DataFlow::localExprFlow(this, call.getQualifier())`
`75`	`75`	`or`
`76`	`76`	// e.g. `private string r = new Regex(...); public void foo() { r.Match(...); }`
`77`	`77`	`call.getQualifier().(FieldAccess).getTarget().getInitializer() = this`
Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,7 @@ module ZipSlip {`
`142`	`142`	`// not yet been resolved.`
`143`	`143`	`not exists(MethodCall combineCall \|`
`144`	`144`	`combineCall.getTarget().hasQualifiedName("System.IO.Path", "Combine") and`
`145`		`- DataFlow::localFlow(DataFlow::exprNode(combineCall), DataFlow::exprNode(q))`
	`145`	`+ DataFlow::localExprFlow(combineCall, q)`
`146`	`146`	`)`
`147`	`147`	`}`
`148`	`148`