Dataflow: Add support for pretty-printed alert provenance in tests #16210
Changes from all commits
4ec4da4
0e8d72c
a26c01d
5d51b5b
68ddae2
0c47203
7e980d9
9b1e4d7
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -98,6 +98,44 @@ private import semmle.code.csharp.dispatch.OverridableCallable | |
private import semmle.code.csharp.frameworks.System | ||
private import codeql.mad.ModelValidation as SharedModelVal | ||
|
||
/** | ||
* Holds if the given extension tuple `madId` should pretty-print as `model`. | ||
* | ||
* This predicate should only be used in tests. | ||
*/ | ||
predicate interpretModelForTest(QlBuiltins::ExtensionId madId, string model) { | ||
exists( | ||
string namespace, string type, boolean subtypes, string name, string signature, string ext, | ||
string output, string kind, string provenance | ||
| | ||
sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance, madId) and | ||
model = | ||
"Source: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " | ||
+ ext + "; " + output + "; " + kind + "; " + provenance | ||
) | ||
or | ||
exists( | ||
string namespace, string type, boolean subtypes, string name, string signature, string ext, | ||
string input, string kind, string provenance | ||
| | ||
sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance, madId) and | ||
model = | ||
"Sink: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + "; " + | ||
same comment |
||
ext + "; " + input + "; " + kind + "; " + provenance | ||
) | ||
or | ||
exists( | ||
string namespace, string type, boolean subtypes, string name, string signature, string ext, | ||
string input, string output, string kind, string provenance | ||
| | ||
summaryModel(namespace, type, subtypes, name, signature, ext, input, output, kind, provenance, | ||
madId) and | ||
model = | ||
"Summary: " + namespace + "; " + type + "; " + subtypes + "; " + name + "; " + signature + | ||
same comment |
||
"; " + ext + "; " + input + "; " + output + "; " + kind + "; " + provenance | ||
) | ||
} | ||
|
||
private predicate relevantNamespace(string namespace) { | ||
sourceModel(namespace, _, _, _, _, _, _, _, _, _) or | ||
sinkModel(namespace, _, _, _, _, _, _, _, _, _) or | ||
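Review bot: The QLDoc on `interpretModelForTest` does not say which extension tuples it renders. The body has disjuncts only for `sourceModel`, `sinkModel` and `summaryModel`, so any other `madId` gets no `model` string at all. Whether `ShowProvenance` tolerates an uninterpreted id is not visible on this page, so that is worth confirming. I would add a line to the comment such as `* Only source, sink and summary rows are rendered; any other extension tuple has no result.` The `relevantNamespace` predicate after it continues outside the hunk.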
|
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
/** | ||
* @kind path-problem | ||
*/ | ||
|
||
import csharp | ||
import semmle.code.csharp.security.dataflow.ConditionalBypassQuery | ||
import codeql.dataflow.test.ProvenancePathGraph | ||
import semmle.code.csharp.dataflow.internal.ExternalFlow | ||
import ShowProvenance<interpretModelForTest/2, ConditionalBypass::PathNode, ConditionalBypass::PathGraph> | ||
|
||
from ConditionalBypass::PathNode source, ConditionalBypass::PathNode sink | ||
where ConditionalBypass::flowPath(source, sink) | ||
select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.", | ||
sink.getNode().(Sink).getSensitiveMethodCall(), "action", source.getNode(), "user-provided value" |
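Review bot: This test query restates the `from`/`where`/`select` of the conditional-bypass query instead of referencing it, so the alert message and the `flowPath` condition can drift from the shipped query without the test noticing. The Go `TaintedPath` and Java `HttpStringToUrlOpenMethodFlow` test queries further down have the same shape. If the file deleted alongside each one was the reference to the shipped query (not visible on this page), the shipped select clause is no longer exercised by these tests. A header comment would make the coupling explicit, e.g. `* Test copy of the conditional-bypass query with model provenance shown; keep the select in sync with the shipped query.`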
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
/** | ||
* @kind path-problem | ||
*/ | ||
|
||
import go | ||
import semmle.go.security.TaintedPath | ||
import codeql.dataflow.test.ProvenancePathGraph | ||
import semmle.go.dataflow.ExternalFlow | ||
import ShowProvenance<interpretModelForTest/2, TaintedPath::Flow::PathNode, TaintedPath::Flow::PathGraph> | ||
|
||
from TaintedPath::Flow::PathNode source, TaintedPath::Flow::PathNode sink | ||
where TaintedPath::Flow::flowPath(source, sink) | ||
select sink.getNode(), source, sink, "This path depends on a $@.", source.getNode(), | ||
"user-provided value" |
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,14 @@ | ||
/** | ||
* @kind path-problem | ||
*/ | ||
|
||
import java | ||
import semmle.code.java.security.HttpsUrlsQuery | ||
import codeql.dataflow.test.ProvenancePathGraph | ||
import semmle.code.java.dataflow.ExternalFlow | ||
import ShowProvenance<interpretModelForTest/2, HttpStringToUrlOpenMethodFlow::PathNode, HttpStringToUrlOpenMethodFlow::PathGraph> | ||
|
||
from HttpStringToUrlOpenMethodFlow::PathNode source, HttpStringToUrlOpenMethodFlow::PathNode sink | ||
where HttpStringToUrlOpenMethodFlow::flowPath(source, sink) | ||
select sink.getNode(), source, sink, "URL may have been constructed with HTTP protocol, using $@.", | ||
source.getNode(), "this HTTP URL" |
This file was deleted.
Maybe just use `;` as separator (this is what we typically do in other places we print models).
This string is only for inclusion in test output, and I found that it was more readable with the space included. Originally, before we had MaD rows in external yml files, I went with the no-space separation for the QL embedded csv rows in the name of compactness, but that's not relevant here.