WIP: C#: Add initial support for Blazor #17355

Draft
wants to merge 9 commits into
base: main

tamasvajk
Contributor

No description provided.

Contributor

github-actions bot commented Sep 3, 2024

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

csharp

Generated file changes for csharp

  • Changes to framework-coverage-csharp.rst:
-    Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",57,1821,148,
+    Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",57,1824,150,2
-    Totals,,104,12454,396,5
+    Totals,,104,12457,398,7
  • Changes to framework-coverage-csharp.csv:
+ Microsoft.AspNetCore.Components,2,,3,,,,,,,2,,,,,,,,,,,,2,1

/** Provides classes for working with `Microsoft.AspNetCore.Components`. */

import csharp
import semmle.code.csharp.frameworks.Microsoft

Check warning

Code scanning / CodeQL

Redundant import Warning

Redundant import, the module is already imported inside semmle.code.csharp.frameworks.microsoft.AspNetCore.
// - if there's no custom `ValueChanged` handler defined on the `InputText` component, such as `<InputText Value="@InputValue1" ValueChanged="HandleChange" />` or
// - if `@bind-Value` is used on the component. In case of `<InputText Value="@InputValue1" />`, there's only one way binding.
private class InputBaseValuePropertyJumpNode extends DataFlow::NonLocalJumpNode {
Component c;

Check notice

Code scanning / CodeQL

Field only used in CharPred Note

Field is only used in CharPred.
predicate hasAddComponentParameter(
MethodCall addCall, ValueOrRefType componentType, Property p, Expr value
) {
exists(int i, int j, int k, MethodCall openCall, Callable enclosing |

Check warning

Code scanning / CodeQL

Omittable 'exists' variable Warning

This exists variable can be omitted by using a don't-care expression in this argument.

private class ComponentPropertyAssignmentJumpNode extends DataFlow::NonLocalJumpNode {
Property p;
MethodCall mc;

Check notice

Code scanning / CodeQL

Field only used in CharPred Note

Field is only used in CharPred.
private import semmle.code.csharp.frameworks.microsoft.Blazor as Blazor

module TaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { Blazor::Helpers::isInflowSource(_, source.asExpr()) }

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.
module TaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { Blazor::Helpers::isInflowSource(_, source.asExpr()) }

predicate isSink(DataFlow::Node sink) {

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.
Blazor::Helpers::isComponentParameterRead(sink.asExpr(), _)
}

predicate includeHiddenNodes() { any() }

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.

from Taint::PathNode source, Taint::PathNode sink
where Taint::flowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()

Check warning

Code scanning / CodeQL

Alert message style violation Warning

Alert message should end with a full stop.
private import semmle.code.csharp.frameworks.microsoft.Blazor as Blazor

module TaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.
Blazor::Helpers::isOutflowSource(_, source.asParameter())
}

predicate isSink(DataFlow::Node sink) {

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.
sink.asExpr() instanceof Access
}

predicate includeHiddenNodes() { any() }

Check warning

Code scanning / CodeQL

Dead code Warning

This code is never used, and it's not publicly exported.

from Taint::PathNode source, Taint::PathNode sink
where Taint::flowPath(source, sink)
select sink, source, sink, "$@", source, source.toString()

Check warning

Code scanning / CodeQL

Alert message style violation Warning

Alert message should end with a full stop.
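
Review bot: `isSink` in this second `TaintConfig` accepts every node whose expression is an `Access` (`sink.asExpr() instanceof Access`), so the sink side places almost no constraint on the paths and the results are bounded only by `isOutflowSource`. If this query exists for debugging or as a test fixture, a header comment saying so would help; otherwise the sink should be narrowed to a Blazor-specific predicate, in the way the other query uses `Blazor::Helpers::isComponentParameterRead`.
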
// from `"Param1Changed"` in `__builder.AddComponentParameter(133, "Param1Changed", TypeCheck<>(EventCallback.Factory.Create<>(this, (s) => {})))`
// to `s` in `(s) => {}`
private class ComponentEventCallbackJumpNode2 extends DataFlow::NonLocalJumpNode {
Property p;

Check notice

Code scanning / CodeQL

Field only used in CharPred Note

Field is only used in CharPred.
@tamasvajk tamasvajk changed the title WIP: C#: Add integration test with Blazor app WIP: C#: Add initial support for Blazor Sep 12, 2024