
Commit 1c93e53

authored
Merge pull request #19142 from microsoft/csharp-update-MaD-Uri-upstream
csharp update MaD for System.Uri
2 parents 4dfe759 + cc76cdb commit 1c93e53


4 files changed

+46
-20
lines changed
+4Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* The models for `System.Uri` have been modified to better model the flow of tainted URIs.

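--- a/csharp/ql/lib/ext/System.model.yml
+++ b/csharp/ql/lib/ext/System.model.yml
@@ -778,9 +778,23 @@ extensions:
 - ["System", "TupleExtensions", False, "Deconstruct<T1,T2>", "(System.Tuple<T1,T2>,T1,T2)", "", "Argument[0].Property[System.Tuple`2.Item2]", "Argument[2]", "value", "manual"]
 - ["System", "TupleExtensions", False, "Deconstruct<T1>", "(System.Tuple<T1>,T1)", "", "Argument[0].Property[System.Tuple`1.Item1]", "Argument[1]", "value", "manual"]
 - ["System", "Uri", False, "ToString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["System", "Uri", False, "TryCreate", "(System.String,System.UriCreationOptions,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+- ["System", "Uri", False, "TryCreate", "(System.String,System.UriKind,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+- ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+- ["System", "Uri", False, "TryCreate", "(System.Uri,System.String,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "manual"]
+- ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+- ["System", "Uri", False, "TryCreate", "(System.Uri,System.Uri,System.Uri)", "", "Argument[1]", "Argument[2]", "taint", "manual"]
 - ["System", "Uri", False, "Uri", "(System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["System", "Uri", False, "Uri", "(System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["System", "Uri", False, "Uri", "(System.String,System.UriKind)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+- ["System", "Uri", False, "Uri", "(System.String,System.UriCreationOptions)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+- ["System", "Uri", False, "Uri", "(System.Uri,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+- ["System", "Uri", False, "Uri", "(System.Uri,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+- ["System", "Uri", False, "Uri", "(System.Uri,System.String,System.Boolean)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+- ["System", "Uri", False, "Uri", "(System.Uri,System.String,System.Boolean)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+- ["System", "Uri", False, "get_AbsoluteUri", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["System", "Uri", False, "get_DnsSafeHost", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["System", "Uri", False, "get_LocalPath", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["System", "Uri", False, "get_OriginalString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["System", "Uri", False, "get_PathAndQuery", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["System", "Uri", False, "get_Query", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]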
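Review bot: `Uri.Fragment` still appears to have no summary after this change: the sorted FlowSummaries.expected output in this commit goes from `get_DnsSafeHost` straight to `get_Host`, so the fragment of a tainted URI would not be tracked by queries that rely on these models. If that is unintentional, a row next to the new getters would close the gap: `- ["System", "Uri", False, "get_Fragment", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]`. The `(System.Uri,System.Uri)` constructor and getters such as `get_Host` and `get_Authority` remain on `df-generated` rows, so their coverage depends on the generator continuing to emit them. The model list continues outside the hunk, so getters that sort after `get_Query` cannot be checked from here.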

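--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected
@@ -23466,29 +23466,33 @@ summary
 | System;Uri;ToString;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
 | System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated |
-| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];ReturnValue;taint;df-generated |
-| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];ReturnValue;taint;df-generated |
+| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];Argument[2];taint;manual |
 | System;Uri;TryEscapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
 | System;Uri;TryUnescapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
 | System;Uri;UnescapeDataString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue;taint;dfc-generated |
 | System;Uri;UnescapeDataString;(System.String);Argument[0];ReturnValue;value;dfc-generated |
 | System;Uri;Uri;(System.String);Argument[0];Argument[this];taint;manual |
 | System;Uri;Uri;(System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
-| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
+| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this];taint;manual |
 | System;Uri;Uri;(System.String,System.UriKind);Argument[0];Argument[this];taint;manual |
-| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
+| System;Uri;Uri;(System.Uri,System.String);Argument[0];Argument[this];taint;manual |
+| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this];taint;manual |
+| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
+| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this];taint;manual |
 | System;Uri;Uri;(System.Uri,System.Uri);Argument[0];Argument[this];taint;df-generated |
 | System;Uri;Uri;(System.Uri,System.Uri);Argument[1];Argument[this];taint;df-generated |
 | System;Uri;get_AbsolutePath;();Argument[this];ReturnValue;taint;df-generated |
+| System;Uri;get_AbsoluteUri;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Authority;();Argument[this];ReturnValue;taint;df-generated |
-| System;Uri;get_DnsSafeHost;();Argument[this].Property[System.Uri.IdnHost];ReturnValue;value;dfc-generated |
+| System;Uri;get_DnsSafeHost;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Host;();Argument[this];ReturnValue;taint;df-generated |
 | System;Uri;get_IdnHost;();Argument[this];ReturnValue;taint;df-generated |
-| System;Uri;get_LocalPath;();Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
+| System;Uri;get_LocalPath;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_OriginalString;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_PathAndQuery;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual |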

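--- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
+++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected
@@ -18122,29 +18122,33 @@
 | System;Uri;MakeRelativeUri;(System.Uri);Argument[0];ReturnValue;taint;df-generated |
 | System;Uri;ToString;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;ToString;(System.String,System.IFormatProvider);Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
-| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];ReturnValue.SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];ReturnValue;taint;df-generated |
-| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];ReturnValue;taint;df-generated |
+| System;Uri;TryCreate;(System.String,System.UriCreationOptions,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.String,System.UriKind,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.String,System.Uri);Argument[1];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[0];Argument[2];taint;manual |
+| System;Uri;TryCreate;(System.Uri,System.Uri,System.Uri);Argument[1];Argument[2];taint;manual |
 | System;Uri;TryEscapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
 | System;Uri;TryUnescapeDataString;(System.ReadOnlySpan<System.Char>,System.Span<System.Char>,System.Int32);Argument[0].Element;Argument[1].Element;value;dfc-generated |
 | System;Uri;UnescapeDataString;(System.ReadOnlySpan<System.Char>);Argument[0].Element;ReturnValue;taint;dfc-generated |
 | System;Uri;UnescapeDataString;(System.String);Argument[0];ReturnValue;value;dfc-generated |
 | System;Uri;Uri;(System.String);Argument[0];Argument[this];taint;manual |
 | System;Uri;Uri;(System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
-| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
+| System;Uri;Uri;(System.String,System.UriCreationOptions);Argument[0];Argument[this];taint;manual |
 | System;Uri;Uri;(System.String,System.UriKind);Argument[0];Argument[this];taint;manual |
-| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
-| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this].SyntheticField[System.Uri._string];value;dfc-generated |
+| System;Uri;Uri;(System.Uri,System.String);Argument[0];Argument[this];taint;manual |
+| System;Uri;Uri;(System.Uri,System.String);Argument[1];Argument[this];taint;manual |
+| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[0];Argument[this];taint;manual |
+| System;Uri;Uri;(System.Uri,System.String,System.Boolean);Argument[1];Argument[this];taint;manual |
 | System;Uri;Uri;(System.Uri,System.Uri);Argument[0];Argument[this];taint;df-generated |
 | System;Uri;Uri;(System.Uri,System.Uri);Argument[1];Argument[this];taint;df-generated |
 | System;Uri;get_AbsolutePath;();Argument[this];ReturnValue;taint;df-generated |
+| System;Uri;get_AbsoluteUri;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Authority;();Argument[this];ReturnValue;taint;df-generated |
-| System;Uri;get_DnsSafeHost;();Argument[this].Property[System.Uri.IdnHost];ReturnValue;value;dfc-generated |
+| System;Uri;get_DnsSafeHost;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Host;();Argument[this];ReturnValue;taint;df-generated |
 | System;Uri;get_IdnHost;();Argument[this];ReturnValue;taint;df-generated |
-| System;Uri;get_LocalPath;();Argument[this].SyntheticField[System.Uri._string];ReturnValue;value;dfc-generated |
+| System;Uri;get_LocalPath;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_OriginalString;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_PathAndQuery;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual |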
