Add new stubs definitions to System.Web and System.Net #19456
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
5idg5
commented
May 2, 2025
5idg5
commented
- Added new definitions to https://github.com/github/codeql/blob/main/csharp/ql/test/resources/stubs/System.Web.cs and https://github.com/github/codeql/blob/main/csharp/ql/test/resources/stubs/System.Net.cs
- Updated options files where applicable, to point to /resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj since System.Web newly added ApiController lines need those dependencies/
There was a problem hiding this comment.
Pull Request Overview
This PR ensures that test suites loading the new System.Web API Controller definitions have their dependencies satisfied by adding the Microsoft.AspNetCore.App framework project to the extractor options.
- Updated extractor options in security feature and experimental query tests to include
Microsoft.AspNetCore.App.csproj - Introduced new stub definitions for
System.Web.csandSystem.Net.cs(not shown) and ensured dependent tests reference the appropriate frameworks
Reviewed Changes
Copilot reviewed 49 out of 49 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| csharp/ql/test/query-tests/Security Features/CWE-134/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-112/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-099/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-094/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-090/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/query-tests/Security Features/CWE-020/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-614/RequireSSLSystemWeb/HttpCookiesTrue/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-614/RequireSSLSystemWeb/FormsTrue/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-614/RequireSSLSystemWeb/ConfigFalse/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-614/RequireSSLSystemWeb/ConfigEmpty/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-614/RequireSSLFalseSystemWeb/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-1004/CookieWithoutHttpOnlySystemWeb/HttpCookiesTrue/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-1004/CookieWithoutHttpOnlySystemWeb/ConfigFalse/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-1004/CookieWithoutHttpOnlySystemWeb/ConfigEmpty/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/Security Features/CWE-1004/CookieHttpOnlyFalseSystemWeb/options | Added AspNetCore.App project reference to extractor options |
| csharp/ql/test/experimental/CWE-918/options | Added AspNetCore.App project reference to extractor options |
Comments suppressed due to low confidence (5)
csharp/ql/test/query-tests/Security Features/CWE-134/options:3
- After adding the ASP.NET Core framework load, also include the System.Net.cs stub in the options so tests can access the newly added System.Net definitions.
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/options:3
- Include the System.Net.cs stub here as well so that any queries depending on System.Net types will resolve correctly.
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
csharp/ql/test/query-tests/Security Features/CWE-112/options:3
- Add a loader for the System.Net.cs stub after the System.Web.cs line to cover new System.Net definitions in tests.
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
csharp/ql/test/query-tests/Security Features/CWE-099/options:3
- Ensure the System.Net.cs stub is also loaded here so that tests exercising System.Net APIs will pass with the new definitions.
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
csharp/ql/test/query-tests/Security Features/CWE-094/options:3
- After including the ASP.NET Core stub, add the System.Net.cs stub so that any queries relying on new System.Net definitions are resolved in this test.
semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.