Merge pull request #15940 from michaelnebel/csharp/sourcesinktests

C#: Source- and sink tests.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll

@@ -395,14 +395,14 @@ Declaration interpretElement(
  * A callable where there exists a MaD sink model that applies to it.
  */
 class SinkCallable extends Callable {
-  SinkCallable() { SourceSinkInterpretationInput::sinkElement(this, _, _) }
+  SinkCallable() { SourceSinkInterpretationInput::sinkElement(this, _, _, _) }
 }
 
 /**
  * A callable where there exists a MaD source model that applies to it.
  */
 class SourceCallable extends Callable {
-  SourceCallable() { SourceSinkInterpretationInput::sourceElement(this, _, _) }
+  SourceCallable() { SourceSinkInterpretationInput::sourceElement(this, _, _, _) }
 }
 
 cached

csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll

@@ -160,20 +160,20 @@ module SourceSinkInterpretationInput implements
 
   class Element = Cs::Element;
 
-  predicate sourceElement(Element e, string output, string kind) {
+  predicate sourceElement(Element e, string output, string kind, Public::Provenance provenance) {
     exists(
       string namespace, string type, boolean subtypes, string name, string signature, string ext
     |
-      sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, _) and
+      sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance) and
       e = interpretElement(namespace, type, subtypes, name, signature, ext)
     )
   }
 
-  predicate sinkElement(Element e, string input, string kind) {
+  predicate sinkElement(Element e, string input, string kind, Public::Provenance provenance) {
     exists(
       string namespace, string type, boolean subtypes, string name, string signature, string ext
     |
-      sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, _) and
+      sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance) and
       e = interpretElement(namespace, type, subtypes, name, signature, ext)
     )
   }

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

@@ -1,11 +1,20 @@
 import shared.FlowSummaries
 import semmle.code.csharp.dataflow.internal.ExternalFlow
 
-private class IncludeAllSummarizedCallable extends IncludeSummarizedCallable {
-  IncludeAllSummarizedCallable() { exists(this) }
+final private class NeutralCallableFinal = NeutralCallable;
+
+class RelevantNeutralCallable extends NeutralCallableFinal {
+  final string getCallableCsv() { result = asPartialNeutralModel(this) }
+}
+
+class RelevantSourceCallable extends SourceCallable {
+  string getCallableCsv() { result = asPartialModel(this) }
 }
 
-private class IncludeNeutralSummarizedCallable extends RelevantNeutralCallable {
-  /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */
-  final override string getCallableCsv() { result = asPartialNeutralModel(this) }
+class RelevantSinkCallable extends SinkCallable {
+  string getCallableCsv() { result = asPartialModel(this) }
 }
+
+import TestSummaryOutput<IncludeSummarizedCallable>
+import TestNeutralOutput<RelevantNeutralCallable>
+import External::TestSourceSinkOutput<RelevantSourceCallable, RelevantSinkCallable>

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql

@@ -1,4 +1,3 @@
-summary
 | Dapper;CustomPropertyTypeMap;false;CustomPropertyTypeMap;(System.Type,System.Func<System.Type,System.String,System.Reflection.PropertyInfo>);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
 | Dapper;DynamicParameters;false;Output<T>;(T,System.Linq.Expressions.Expression<System.Func<T,System.Object>>,System.Nullable<System.Data.DbType>,System.Nullable<System.Int32>);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated |
 | Dapper;SqlMapper+GridReader;false;GridReader;(System.Data.IDbCommand,System.Data.Common.DbDataReader,Dapper.SqlMapper+Identity,System.Action<System.Object>,System.Object,System.Boolean,System.Threading.CancellationToken);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated |
@@ -16125,4 +16124,3 @@ summary
 | System;ValueTuple<T1>;false;ToString;();;Argument[this];ReturnValue;taint;df-generated |
 | System;ValueTuple<T1>;false;ValueTuple;(T1);;Argument[0];Argument[this].Field[System.ValueTuple`1.Item1];value;manual |
 | System;ValueTuple<T1>;false;get_Item;(System.Int32);;Argument[this].Field[System.ValueTuple`1.Item1];ReturnValue;value;manual |
-neutral

csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected

@@ -2,8 +2,6 @@ import shared.FlowSummaries
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
 class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable {
-  IncludeFilteredSummarizedCallable() { exists(this) }
-
   /**
    * Holds if flow is propagated between `input` and `output` and
    * if there is no summary for a callable in a `base` class or interface
@@ -12,11 +10,13 @@ class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable {
   override predicate relevantSummary(
     SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
   ) {
-    super.propagatesFlow(input, output, preservesValue) and
+    this.propagatesFlow(input, output, preservesValue) and
     not exists(IncludeSummarizedCallable rsc |
       isBaseCallableOrPrototype(rsc) and
       rsc.propagatesFlow(input, output, preservesValue) and
       this.(UnboundCallable).overridesOrImplementsUnbound(rsc)
     )
   }
 }
+
+import TestSummaryOutput<IncludeFilteredSummarizedCallable>

csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql

@@ -170,7 +170,6 @@ summary
 | System.Data.Entity;DbContext;false;SaveChangesAsync;(System.Threading.CancellationToken);;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Id];SyntheticGlobal[EFTests.MyContext.Persons#ReturnValue.Element.Property[EFTests.Person.Id]];value;manual |
 | System.Data.Entity;DbContext;false;SaveChangesAsync;(System.Threading.CancellationToken);;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Name];SyntheticGlobal[EFTests.MyContext.PersonAddresses#ReturnValue.Element.Property[EFTests.PersonAddressMap.Person].Property[EFTests.Person.Name]];value;manual |
 | System.Data.Entity;DbContext;false;SaveChangesAsync;(System.Threading.CancellationToken);;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Name];SyntheticGlobal[EFTests.MyContext.Persons#ReturnValue.Element.Property[EFTests.Person.Name]];value;manual |
-neutral
 sourceNode
 sinkNode
 | EntityFrameworkCore.cs:72:36:72:40 | "sql" | sql-injection |

csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected

@@ -3,8 +3,10 @@ import shared.FlowSummaries
 import semmle.code.csharp.frameworks.EntityFramework::EntityFramework
 import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow
 
-private class IncludeEFSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable
-{ }
+class RelevantSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable {
+}
+
+import TestSummaryOutput<RelevantSummarizedCallable>
 
 query predicate sourceNode(DataFlow::Node node, string kind) {
   ExternalFlow::sourceNode(node, kind)

csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql

@@ -1,13 +1,20 @@
 import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private
 import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Public
-import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private::TestOutput
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
 
-abstract class IncludeSummarizedCallable extends RelevantSummarizedCallable {
+final private class SummarizedCallableImplFinal = SummarizedCallableImpl;
+
+class IncludeSummarizedCallable extends SummarizedCallableImplFinal {
   IncludeSummarizedCallable() {
     [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic()
   }
 
   /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */
-  final override string getCallableCsv() { result = asPartialModel(this) }
+  final string getCallableCsv() { result = asPartialModel(this) }
+
+  predicate relevantSummary(
+    SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
+  ) {
+    this.propagatesFlow(input, output, preservesValue)
+  }
 }

csharp/ql/test/shared/FlowSummaries.qll

@@ -299,8 +299,8 @@ predicate hasExternalSpecification(Function f) {
   f = any(SummarizedCallable sc).asFunction()
   or
   exists(SourceSinkInterpretationInput::SourceOrSinkElement e | f = e.asEntity() |
-    SourceSinkInterpretationInput::sourceElement(e, _, _) or
-    SourceSinkInterpretationInput::sinkElement(e, _, _)
+    SourceSinkInterpretationInput::sourceElement(e, _, _, _) or
+    SourceSinkInterpretationInput::sinkElement(e, _, _, _)
   )
 }
 

go/ql/lib/semmle/go/dataflow/ExternalFlow.qll

@@ -103,11 +103,13 @@ module SourceSinkInterpretationInput implements
    * Holds if an external source specification exists for `e` with output specification
    * `output`, kind `kind`, and provenance `provenance`.
    */
-  predicate sourceElement(SourceOrSinkElement e, string output, string kind) {
+  predicate sourceElement(
+    SourceOrSinkElement e, string output, string kind, Public::Provenance provenance
+  ) {
     exists(
       string package, string type, boolean subtypes, string name, string signature, string ext
     |
-      sourceModel(package, type, subtypes, name, signature, ext, output, kind, _) and
+      sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) and
       e = interpretElement(package, type, subtypes, name, signature, ext)
     )
   }
@@ -116,11 +118,13 @@ module SourceSinkInterpretationInput implements
    * Holds if an external sink specification exists for `e` with input specification
    * `input`, kind `kind` and provenance `provenance`.
    */
-  predicate sinkElement(SourceOrSinkElement e, string input, string kind) {
+  predicate sinkElement(
+    SourceOrSinkElement e, string input, string kind, Public::Provenance provenance
+  ) {
     exists(
       string package, string type, boolean subtypes, string name, string signature, string ext
     |
-      sinkModel(package, type, subtypes, name, signature, ext, input, kind, _) and
+      sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and
       e = interpretElement(package, type, subtypes, name, signature, ext)
     )
   }

go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll

@@ -192,12 +192,12 @@ module SourceSinkInterpretationInput implements
 
   class Element = J::Element;
 
-  predicate sourceElement(Element e, string output, string kind) {
+  predicate sourceElement(Element e, string output, string kind, Public::Provenance provenance) {
     exists(
       string namespace, string type, boolean subtypes, string name, string signature, string ext,
       SourceOrSinkElement baseSource, string originalOutput
     |
-      sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, _) and
+      sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, provenance) and
       baseSource = interpretElement(namespace, type, subtypes, name, signature, ext) and
       (
         e = baseSource and output = originalOutput
@@ -207,12 +207,12 @@ module SourceSinkInterpretationInput implements
     )
   }
 
-  predicate sinkElement(Element e, string input, string kind) {
+  predicate sinkElement(Element e, string input, string kind, Public::Provenance provenance) {
     exists(
       string namespace, string type, boolean subtypes, string name, string signature, string ext,
       SourceOrSinkElement baseSink, string originalInput
     |
-      sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, _) and
+      sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, provenance) and
       baseSink = interpretElement(namespace, type, subtypes, name, signature, ext) and
       (
         e = baseSink and originalInput = input

java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll

@@ -8,7 +8,7 @@ private import ModelEditor
  * A class of effectively public callables from source code.
  */
 class PublicEndpointFromSource extends Endpoint, ModelApi {
-  override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _) }
+  override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _) }
 
-  override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _) }
+  override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _) }
 }