[csharp] How to add a flow step with a separate class #20090
Unanswered
KseniiaSmirn0va
asked this question in
Q&A
Replies: 1 comment
-
|
Here are the latest docs for library modelling -- apologies for the out-of-date reference to the old way of doing things; I'll pass that onto the team: https://codeql.github.com/docs/codeql-language-guides/customizing-library-models-for-csharp/ |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
I'm facing a problem with csharp global data flow. It breaks at property accessors:
Because of this problem, codeql build-in queries sometimes fail to build proper flow between a source and a sink.
To fix this problem, I could add
default predicate isAdditionalFlowStep(Node node1, Node node2)into sql/ssrf/xss/... queries, as was suggested in #19794 but it's cumbersome in my case.I'd prefer to create a single class in a customization
.qllfile which would add the missing flowstep throughout codeql. This mechanism is claimed to be already available https://codeql.github.com/docs/codeql-language-guides/analyzing-data-flow-in-csharp/#extending-library-data-flow, but it isn't))There is no such predicate as
callableFlow()in the source code of codeql latest versions.Could you tell me how to create an additional flow step so that it is recognized by the global dataflow across codeql, please?
My codeql version is 2.21.0
Beta Was this translation helpful? Give feedback.
All reactions