Skip to content

Commit

Permalink
Merge pull request #15851 from microsoft/54-csharp-add-missing-mad-fo…
Browse files Browse the repository at this point in the history
…r-httprequestmessage-upstream

csharp update MaD for HttpRequestMessage
  • Loading branch information
michaelnebel authored Mar 8, 2024
2 parents 7c46e9f + 7dd175d commit 36a7755
Show file tree
Hide file tree
Showing 4 changed files with 10 additions and 0 deletions.
Original file line number Diff line number Diff line change
@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The models for `System.Net.Http.HttpRequestMessage` have been modified to better model the flow of tainted URIs.
2 changes: 2 additions & 0 deletions csharp/ql/lib/ext/System.Net.Http.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@ extensions:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
- ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
- ["System.Net.Http", "MultipartContent", False, "Add", "(System.Net.Http.HttpContent)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11062,6 +11062,8 @@ summary
| System.Net.Http;HttpMethod;false;HttpMethod;(System.String);;Argument[0];Argument[this];taint;df-generated |
| System.Net.Http;HttpMethod;false;ToString;();;Argument[this];ReturnValue;taint;df-generated |
| System.Net.Http;HttpMethod;false;get_Method;();;Argument[this];ReturnValue;taint;df-generated |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);;Argument[0];Argument[this];taint;manual |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);;Argument[1];Argument[this];taint;manual |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);;Argument[0];Argument[this];taint;df-generated |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);;Argument[1];Argument[this];taint;df-generated |
| System.Net.Http;HttpRequestMessage;false;ToString;();;Argument[this];ReturnValue;taint;df-generated |
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -9414,6 +9414,8 @@ summary
| System.Net.Http;HttpMethod;false;HttpMethod;(System.String);;Argument[0];Argument[this];taint;df-generated |
| System.Net.Http;HttpMethod;false;ToString;();;Argument[this];ReturnValue;taint;df-generated |
| System.Net.Http;HttpMethod;false;get_Method;();;Argument[this];ReturnValue;taint;df-generated |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);;Argument[0];Argument[this];taint;manual |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);;Argument[1];Argument[this];taint;manual |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);;Argument[0];Argument[this];taint;df-generated |
| System.Net.Http;HttpRequestMessage;false;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);;Argument[1];Argument[this];taint;df-generated |
| System.Net.Http;HttpRequestMessage;false;ToString;();;Argument[this];ReturnValue;taint;df-generated |
Expand Down

0 comments on commit 36a7755

Please sign in to comment.