forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathConstructors.cs
More file actions
170 lines (139 loc) · 3.48 KB
/
Constructors.cs
File metadata and controls
170 lines (139 loc) · 3.48 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
public class Constructors
{
public class C_no_ctor
{
private object s1 = Source<object>(1);
void M1()
{
C_no_ctor c = new C_no_ctor();
c.M2();
}
public void M2()
{
Sink(s1); // $ hasValueFlow=1
}
}
public class C_with_ctor
{
private object s1 = Source<object>(1);
void M1()
{
C_with_ctor c = new C_with_ctor();
c.M2();
}
public C_with_ctor() { }
public void M2()
{
Sink(s1); // $ hasValueFlow=1
}
}
public class C1
{
public object Obj;
public C1(object o) => Obj = o;
}
public class C2(object o21param, object o22param)
{
public object Obj21 = o21param;
public object Obj22 => o22param;
public object Obj23 => Obj21;
public void SetObj(object o)
{
o22param = o;
}
private void SetObjOut(out object o1, object o2)
{
o1 = o2;
}
public void SetObjViaOut(object o)
{
SetObjOut(out o22param, o);
}
}
public void M1()
{
var o = Source<object>(1);
var c1 = new C1(o);
Sink(c1.Obj); // $ hasValueFlow=1
}
public void M2()
{
var o21 = Source<object>(2);
var o22 = Source<object>(3);
var c2 = new C2(o21, o22);
Sink(c2.Obj21); // $ hasValueFlow=2
Sink(c2.Obj22); // $ hasValueFlow=3
Sink(c2.Obj23); // $ hasValueFlow=2
}
public void M3()
{
var c2 = new C2(new object(), new object());
Sink(c2.Obj21); // No flow
Sink(c2.Obj22); // No flow
Sink(c2.Obj23); // No flow
var taint = Source<object>(4);
c2.SetObj(taint);
Sink(c2.Obj22); // $ hasValueFlow=4
}
public void M4()
{
var c2 = new C2(new object(), new object());
var taint = Source<object>(5);
c2.SetObjViaOut(taint);
Sink(c2.Obj22); // $ hasValueFlow=5
}
public class C3(object o31param)
{
public object Obj31 => o31param;
}
public void M5()
{
var o31 = Source<object>(6);
var c3 = new C3(o31);
Sink(c3.Obj31); // $ hasValueFlow=6
}
public class C4
{
public object Obj1 { get; init; }
public object Obj2 { get; }
public C4(object oc1, object oc2)
{
Obj1 = oc1;
Obj2 = oc2;
}
}
public void M6()
{
var o1 = Source<object>(7);
var o2 = Source<object>(8);
var c4 = new C4(o1, o2);
Sink(c4.Obj1); // $ hasValueFlow=7
Sink(c4.Obj2); // $ hasValueFlow=8
}
public record R1(object Obj1, object Obj2);
public void M7()
{
var o1 = Source<object>(9);
var o2 = Source<object>(10);
var r1 = new R1(o1, o2);
Sink(r1.Obj1); // $ hasValueFlow=9
Sink(r1.Obj2); // $ hasValueFlow=10
}
public partial class CPartial
{
public object Obj { get; }
public partial CPartial(object o);
}
public partial class CPartial
{
public partial CPartial(object o) => Obj = o;
}
public void M8()
{
var o = Source<object>(11);
var cPartial = new CPartial(o);
Sink(cPartial.Obj); // $ hasValueFlow=11
}
public static void Sink(object o) { }
public static T Source<T>(object source) => throw null;
}