From 6c3345e31aed08de8d0ca42141a7fe9e4dba84fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= Date: Wed, 16 Jul 2025 10:38:05 +0200 Subject: [PATCH 1/5] [DIFF-INFORMED] C#: ConditionalBypass https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22 --- .../csharp/security/dataflow/ConditionalBypassQuery.qll | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll index f92bb0d2f44a..ee345780654d 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ConditionalBypassQuery.qll @@ -39,6 +39,15 @@ private module ConditionalBypassConfig implements DataFlow::ConfigSig { predicate isSink(DataFlow::Node sink) { sink instanceof Sink } predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } + + Location getASelectedSinkLocation(DataFlow::Node sink) { + result = sink.getLocation() + or + // from ConditionalBypass.ql + result = sink.(Sink).getSensitiveMethodCall().getLocation() + } } /** From ac27b420dd7e2be1370adfa5b37ab273cd1f76d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= Date: Wed, 16 Jul 2025 10:39:35 +0200 Subject: [PATCH 2/5] [DIFF-INFORMED] C#: ExternalAPIs https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-020/UntrustedDataToExternalAPI.ql#L23 --- .../semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll index f1a64f6810b8..419296fcc233 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll @@ -78,6 +78,8 @@ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source instanceof ActiveThreatModelSource } predicate isSink(DataFlow::Node sink) { sink instanceof ExternalApiDataNode } + + predicate observeDiffInformedIncrementalMode() { any() } } /** A module for tracking flow from `ActiveThreatModelSource`s to `ExternalApiDataNode`s. */ From d556fc81a08d003312f2da102cc7f07dd3ecf25c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= Date: Wed, 16 Jul 2025 10:40:56 +0200 Subject: [PATCH 3/5] [DIFF-INFORMED] C#: UnsafeDeserializationQuery https://github.com/d10c/codeql/blob/57c8b6e2299f5d6e991bd1a198a58692b6d6e016/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql#L59 --- .../dataflow/UnsafeDeserializationQuery.qll | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll index 5d9d18dcbac6..27f6ab6935f7 100644 --- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll +++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/UnsafeDeserializationQuery.qll @@ -59,6 +59,10 @@ private module TaintToObjectMethodTrackingConfig implements DataFlow::ConfigSig predicate isSink(DataFlow::Node sink) { sink instanceof InstanceMethodSink } predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate observeDiffInformedIncrementalMode() { + any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql + } } /** @@ -77,6 +81,10 @@ private module JsonConvertTrackingConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate observeDiffInformedIncrementalMode() { + any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql + } } /** @@ -133,6 +141,10 @@ private module TypeNameTrackingConfig implements DataFlow::ConfigSig { ) ) } + + predicate observeDiffInformedIncrementalMode() { + none() // Only used as secondary config in UnsafeDeserializationUntrustedInput.ql + } } /** @@ -149,6 +161,10 @@ private module TaintToConstructorOrStaticMethodTrackingConfig implements DataFlo predicate isSink(DataFlow::Node sink) { sink instanceof ConstructorOrStaticMethodSink } predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer } + + predicate observeDiffInformedIncrementalMode() { + any() // used in one of the disjuncts in UnsafeDeserializationUntrustedInput.ql + } } /** @@ -186,6 +202,10 @@ private module TaintToObjectTypeTrackingConfig implements DataFlow::ConfigSig { oc.getObjectType() instanceof StrongTypeDeserializer ) } + + predicate observeDiffInformedIncrementalMode() { + none() // only used as secondary config in UnsafeDeserializationUntrustedInput.ql + } } /** @@ -210,6 +230,10 @@ private module WeakTypeCreationToUsageTrackingConfig implements DataFlow::Config sink.asExpr() = mc.getQualifier() ) } + + predicate observeDiffInformedIncrementalMode() { + none() // only used as secondary config in UnsafeDeserializationUntrustedInput.ql + } } /** From 1f5d85384ea66c5cf8156499467f3e8335725e25 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= Date: Wed, 16 Jul 2025 10:42:09 +0200 Subject: [PATCH 4/5] [DIFF-INFORMED] C#: ThreadUnsafeCryptoTransformLambda --- csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql index 9f70760ba602..8fcef4d4744f 100644 --- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql +++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransformLambda.ql @@ -24,6 +24,8 @@ module NotThreadSafeCryptoUsageIntoParallelInvokeConfig implements DataFlow::Con } predicate isSink(DataFlow::Node sink) { sink instanceof ParallelSink } + + predicate observeDiffInformedIncrementalMode() { any() } } module NotThreadSafeCryptoUsageIntoParallelInvoke = From 40aac5ef592e245b8a3f5d04d9d3a304f7af1144 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= Date: Wed, 16 Jul 2025 10:42:36 +0200 Subject: [PATCH 5/5] [DIFF-INFORMED] C#: HardcodedConnectionString --- .../Security Features/CWE-798/HardcodedConnectionString.ql | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql index 32508fa9d3fb..1e33ed6a1fde 100644 --- a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql +++ b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql @@ -38,6 +38,12 @@ module ConnectionStringConfig implements DataFlow::ConfigSig { } predicate isBarrier(DataFlow::Node node) { node instanceof StringFormatSanitizer } + + predicate observeDiffInformedIncrementalMode() { any() } + + Location getASelectedSinkLocation(DataFlow::Node sink) { + any(Call call | call.getAnArgument() = sink.asExpr()).getLocation() = result + } } /** pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy