Merge pull request github#18694 from microsoft/csharp-update-MaD-upstream

C#: update MaD for HttpRequestMessage and UriBuilder

Author: michaelnebel

csharp/ql/lib/change-notes/2025-02-05-update-system.net.http.httprequestmessage-and-system.uribuilder-models.md

@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The models for `System.Net.Http.HttpRequestMessage` and `System.UriBuilder` have been modified to better model the flow of tainted URIs.

csharp/ql/lib/ext/System.Net.Http.model.yml

@@ -10,6 +10,8 @@ extensions:
     data:
       - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
       - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+      - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["System.Net.Http", "HttpRequestMessage", False, "HttpRequestMessage", "(System.Net.Http.HttpMethod,System.Uri)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
       - ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Key]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]", "value", "manual"]
       - ["System.Net.Http", "HttpRequestOptions", False, "Add", "(System.Collections.Generic.KeyValuePair<System.String,System.Object>)", "", "Argument[0].Property[System.Collections.Generic.KeyValuePair`2.Value]", "Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]", "value", "manual"]
       - ["System.Net.Http", "MultipartContent", False, "Add", "(System.Net.Http.HttpContent)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]

csharp/ql/lib/ext/System.model.yml

@@ -784,6 +784,24 @@ extensions:
       - ["System", "Uri", False, "get_OriginalString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System", "Uri", False, "get_PathAndQuery", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["System", "Uri", False, "get_Query", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["System", "UriBuilder", False, "ToString", "()", "", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.UserName,System.UriBuilder.Password,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "ReturnValue", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.Uri)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String)", "", "Argument[3]", "Argument[this].Property[System.UriBuilder.Path]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[0]", "Argument[this].Property[System.UriBuilder.Scheme]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[1]", "Argument[this].Property[System.UriBuilder.Host]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[2]", "Argument[this].Property[System.UriBuilder.Port]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[3]", "Argument[this].Property[System.UriBuilder.Path]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "UriBuilder", "(System.String,System.String,System.Int32,System.String,System.String)", "", "Argument[4]", "Argument[this].Property[System.UriBuilder.Query,System.UriBuilder.Fragment]", "taint", "manual"]
+      - ["System", "UriBuilder", False, "get_Uri", "()", "", "Argument[this].Property[System.UriBuilder.Scheme,System.UriBuilder.UserName,System.UriBuilder.Password,System.UriBuilder.Host,System.UriBuilder.Port,System.UriBuilder.Path,System.UriBuilder.Query,System.UriBuilder.Fragment]", "ReturnValue", "taint", "manual"]
       - ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[0]", "ReturnValue.Field[System.ValueTuple`8.Item1]", "value", "manual"]
       - ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[1]", "ReturnValue.Field[System.ValueTuple`8.Item2]", "value", "manual"]
       - ["System", "ValueTuple", False, "Create<T1,T2,T3,T4,T5,T6,T7,T8>", "(T1,T2,T3,T4,T5,T6,T7,T8)", "", "Argument[2]", "ReturnValue.Field[System.ValueTuple`8.Item3]", "value", "manual"]

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

@@ -14702,8 +14702,8 @@ summary
 | System.Net.Http;HttpRequestException;HttpRequestException;(System.String,System.Exception,System.Nullable<System.Net.HttpStatusCode>);Argument[2];Argument[this].Property[System.Net.Http.HttpRequestException.StatusCode];value;dfc-generated |
 | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[0];Argument[this];taint;manual |
 | System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.String);Argument[1];Argument[this];taint;manual |
-| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];value;dfc-generated |
-| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];value;dfc-generated |
+| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[0];Argument[this];taint;manual |
+| System.Net.Http;HttpRequestMessage;HttpRequestMessage;(System.Net.Http.HttpMethod,System.Uri);Argument[1];Argument[this];taint;manual |
 | System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._method];ReturnValue;taint;dfc-generated |
 | System.Net.Http;HttpRequestMessage;ToString;();Argument[this].SyntheticField[System.Net.Http.HttpRequestMessage._requestUri];ReturnValue;taint;dfc-generated |
 | System.Net.Http;HttpRequestMessage;get_Properties;();Argument[this].Property[System.Net.Http.HttpRequestMessage.Options];ReturnValue;value;dfc-generated |
@@ -23494,13 +23494,49 @@ summary
 | System;Uri;get_Query;();Argument[this];ReturnValue;taint;manual |
 | System;Uri;get_Scheme;();Argument[this];ReturnValue;taint;df-generated |
 | System;Uri;get_UserInfo;();Argument[this];ReturnValue;taint;df-generated |
-| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].SyntheticField[System.UriBuilder._uri];taint;dfc-generated |
-| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[0];Argument[this];taint;df-generated |
-| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[1];Argument[this];taint;df-generated |
-| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[3];Argument[this];taint;df-generated |
-| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[4];Argument[this];taint;df-generated |
-| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].SyntheticField[System.UriBuilder._uri];value;dfc-generated |
-| System;UriBuilder;get_Uri;();Argument[this].SyntheticField[System.UriBuilder._uri];ReturnValue;value;dfc-generated |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Fragment];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Host];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Password];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Path];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Port];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Query];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.Scheme];ReturnValue;taint;manual |
+| System;UriBuilder;ToString;();Argument[this].Property[System.UriBuilder.UserName];ReturnValue;taint;manual |
+| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Fragment];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Host];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Path];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Port];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Query];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32);Argument[2];Argument[this].Property[System.UriBuilder.Port];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[2];Argument[this].Property[System.UriBuilder.Port];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String);Argument[3];Argument[this].Property[System.UriBuilder.Path];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[1];Argument[this].Property[System.UriBuilder.Host];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[2];Argument[this].Property[System.UriBuilder.Port];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[3];Argument[this].Property[System.UriBuilder.Path];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[4];Argument[this].Property[System.UriBuilder.Fragment];taint;manual |
+| System;UriBuilder;UriBuilder;(System.String,System.String,System.Int32,System.String,System.String);Argument[4];Argument[this].Property[System.UriBuilder.Query];taint;manual |
+| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Fragment];taint;manual |
+| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Host];taint;manual |
+| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Path];taint;manual |
+| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Port];taint;manual |
+| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Query];taint;manual |
+| System;UriBuilder;UriBuilder;(System.Uri);Argument[0];Argument[this].Property[System.UriBuilder.Scheme];taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Fragment];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Host];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Password];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Path];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Port];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Query];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.Scheme];ReturnValue;taint;manual |
+| System;UriBuilder;get_Uri;();Argument[this].Property[System.UriBuilder.UserName];ReturnValue;taint;manual |
 | System;UriFormatException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated |
 | System;UriParser;GetComponents;(System.Uri,System.UriComponents,System.UriFormat);Argument[0];ReturnValue;taint;df-generated |
 | System;UriParser;OnNewUri;();Argument[this];ReturnValue;value;dfc-generated |