C#: Improve arg-param mapping logic to better handle arguments passed to params parameters #15175

Merged
merged 8 commits into from Jan 8, 2024

@tamasvajk tamasvajk commented Dec 20, 2023

This PR changes Call::getArgumentForParameter to better cover cases when arguments are passed to params parameters.

Commit-by-commit review is suggested.

@github-actions github-actions bot added the C# label Dec 20, 2023
@tamasvajk tamasvajk marked this pull request as ready for review December 20, 2023 12:02
@tamasvajk tamasvajk requested a review from a team as a code owner December 20, 2023 12:02

tamasvajk commented Dec 20, 2023

I checked some of the new issues in the DCA results. There is at least one false positive in cs/dereferenced-value-may-be-null, which reports on the following pattern:

Method(new object(), null);
void Method(params object[] objs)
{
  var x = objs.Length; // reports objs can be null, because of the null arg in the call. 
}

At the same time, there are new true positives found in cs/cleartext-storage-of-sensitive-information because we consider all expressions passed to the params parameter of System.Diagnostics.TraceSource.TraceEvent.
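
An added C# illustration of the two patterns discussed in the comment above; it is not code from this PR or from the CodeQL repository. `Describe`, `DemoSource` and the sample values are constructed for the example.

```csharp
using System;
using System.Diagnostics;

static class ParamsMappingDemo
{
    // Reports what the params parameter actually holds for a given call shape.
    static string Describe(params object[] objs) =>
        objs == null ? "objs is null" : $"objs has {objs.Length} element(s)";

    static void Main()
    {
        // Expanded form (the call shape from the comment above): the compiler
        // builds new object[] { new object(), null }. The null is an element,
        // so objs itself is a non-null array and objs.Length is safe.
        Console.WriteLine(Describe(new object(), null));

        // Expanded form with no arguments: objs is an empty array, not null.
        Console.WriteLine(Describe());

        // Normal form: a lone null literal converts to object[], so it is
        // bound as the array itself. This is the call shape where objs
        // really is null and objs.Length would throw.
        Console.WriteLine(Describe(null));

        // The cast forces expanded form: a one-element array holding null.
        Console.WriteLine(Describe((object)null));

        var source = new TraceSource("DemoSource", SourceLevels.All);
        string user = "alice";                          // constructed sample value
        string password = "constructed-sample-secret";  // constructed sample value

        // Every expression after the format string is an argument to the
        // params object[] parameter of TraceEvent, so the secret reaches the
        // trace listeners. An analysis has to map each of these arguments
        // to the params parameter to see this flow.
        source.TraceEvent(TraceEventType.Information, 1,
            "login user={0} password={1}", user, password);

        // Corrected form: the sensitive value is never handed to the trace call.
        source.TraceEvent(TraceEventType.Information, 1,
            "login user={0}", user);
    }
}
```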

@tamasvajk tamasvajk marked this pull request as draft December 20, 2023 15:08
@tamasvajk

The second DCA run seems good. We find 3 additional alerts, all end in TraceMessageSinks (arguments passed to the params parameter of System.Diagnostics.TraceSource.TraceEvent).

@tamasvajk tamasvajk marked this pull request as ready for review December 21, 2023 11:14

@michaelnebel michaelnebel left a comment

Looks plausible to me, but I would also like a second set of eyes on the PR.

@hvitved hvitved left a comment

LGTM

@tamasvajk tamasvajk merged commit 6b8ed7e into github:main Jan 8, 2024
21 checks passed