Microsoft.Extensions.Configuration models

Author: egregius313

csharp/ql/lib/ext/Microsoft.Extensions.Configuration.model.yml

@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sourceModel
+    data:
+      - ["Microsoft.Extensions.Configuration", "EnvironmentVariablesExtensions", False, "AddEnvironmentVariables", "(Microsoft.Extensions.Configuration.IConfigurationBuilder)", "", "ReturnValue", "environment", "manual"]
+      - ["Microsoft.Extensions.Configuration", "EnvironmentVariablesExtensions", False, "AddEnvironmentVariables", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.String)", "", "ReturnValue", "environment", "manual"]
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: summaryModel
+    data:
+      - ["Microsoft.Extensions.Configuration", "IConfiguration", True, "get_Item", "(System.String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["Microsoft.Extensions.Configuration", "IConfigurationBuilder", True, "Build", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["Microsoft.Extensions.Configuration", "CommandLineConfigurationExtensions", False, "AddCommandLine", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.String[])", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["Microsoft.Extensions.Configuration", "CommandLineConfigurationExtensions", False, "AddCommandLine", "(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.String[],System.Collections.Generic.IDictionary<System.String,System.String>)", "", "Argument[1..2]", "ReturnValue", "taint", "manual"]

csharp/ql/test/library-tests/dataflow/flowsources/local/environment/EnvironmentVariables.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections;
+using Microsoft.Extensions.Configuration;
 
 namespace EnvironmentVariables
 {
@@ -23,5 +24,13 @@ public static void ExpandEnvironmentVariables(string environmentVariable)
         {
             string expanded = Environment.ExpandEnvironmentVariables("%PATH%");
         }
+
+        public static void TaintedConfiguration()
+        {
+            var config = new ConfigurationBuilder()
+                .AddEnvironmentVariables()
+                .Build();
+            var path = config["PATH"];
+        }
     }
 }

csharp/ql/test/library-tests/dataflow/flowsources/local/environment/options

@@ -0,0 +1,4 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/Microsoft.Extensions.Configuration/8.0.0/Microsoft.Extensions.Configuration.csproj
+semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs

csharp/ql/test/resources/stubs/Microsoft.Extensions.Configuration/8.0.0/Microsoft.Extensions.Configuration.cs

@@ -0,0 +1,102 @@
+namespace Microsoft.Extensions.Configuration
+{
+    public interface IConfiguration
+    {
+        public string? this[string key] { get; set; }
+    }
+
+    public interface IConfigurationRoot : IConfiguration { }
+
+    public interface IConfigurationSource { }
+
+    public interface IConfigurationBuilder
+    {
+        public System.Collections.Generic.Dictionary<string, object> Properties { get; }
+
+        public System.Collections.Generic.IList<IConfigurationSource> Sources { get; }
+
+        public IConfigurationRoot Build();
+
+        public IConfigurationBuilder Add(IConfigurationSource source);
+    }
+
+    public class ConfigurationBuilder : IConfigurationBuilder
+    {
+        public System.Collections.Generic.Dictionary<string, object> Properties { get; }
+        public System.Collections.Generic.IList<IConfigurationSource> Sources { get; }
+
+        public ConfigurationBuilder()
+        {
+            Properties = new System.Collections.Generic.Dictionary<string, object>();
+            Sources = new System.Collections.Generic.List<IConfigurationSource>();
+        }
+
+        public IConfigurationRoot Build()
+        {
+            return new ConfigurationRoot();
+        }
+
+        public IConfigurationBuilder Add(IConfigurationSource source)
+        {
+            return this;
+        }
+    }
+
+    public class ConfigurationRoot : IConfigurationRoot
+    {
+        public string? this[string key] { get => throw new System.NotImplementedException(); set => throw new System.NotImplementedException(); }
+    }
+
+    public static class CommandLineConfigurationExtensions
+    {
+        public static IConfigurationBuilder AddCommandLine(this IConfigurationBuilder builder, string[] args)
+        {
+            return builder;
+        }
+
+        public static IConfigurationBuilder AddCommandLine(this IConfigurationBuilder builder, string[] args, System.Collections.Generic.Dictionary<string, string> switchMappings)
+        {
+            return builder;
+        }
+
+        public static IConfigurationBuilder AddCommandLine(this IConfigurationBuilder builder, System.Action<Microsoft.Extensions.Configuration.CommandLine.CommandLineConfigurationSource> configureSource)
+        {
+            return builder;
+        }
+    }
+
+    public static class EnvironmentVariablesConfigurationExtensions
+    {
+        public static IConfigurationBuilder AddEnvironmentVariables(this IConfigurationBuilder builder)
+        {
+            return builder;
+        }
+
+        public static IConfigurationBuilder AddEnvironmentVariables(this IConfigurationBuilder builder, string prefix)
+        {
+            return builder;
+        }
+
+        public static IConfigurationBuilder AddEnvironmentVariables(this IConfigurationBuilder builder, System.Action<Microsoft.Extensions.Configuration.EnvironmentVariables.EnvironmentVariablesConfigurationSource> configureSource)
+        {
+            return builder;
+        }
+    }
+
+    namespace CommandLine
+    {
+        public class CommandLineConfigurationSource : IConfigurationSource
+        {
+            public System.Collections.Generic.Dictionary<string, string> SwitchMappings { get; set; }
+            public System.Collections.Generic.IEnumerable<string> Args { get; set; }
+        }
+    }
+
+    namespace EnvironmentVariables
+    {
+        public class EnvironmentVariablesConfigurationSource : IConfigurationSource
+        {
+            public string? Prefix { get; set; }
+        }
+    }
+}

csharp/ql/test/resources/stubs/Microsoft.Extensions.Configuration/8.0.0/Microsoft.Extensions.Configuration.csproj

@@ -0,0 +1,13 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  <PropertyGroup>
+    <TargetFramework>net8.0</TargetFramework>
+    <AllowUnsafeBlocks>true</AllowUnsafeBlocks>
+    <OutputPath>bin\</OutputPath>
+    <AppendTargetFrameworkToOutputPath>false</AppendTargetFrameworkToOutputPath>
+  </PropertyGroup>
+
+  <ItemGroup>
+    <ProjectReference Include="../../Microsoft.Extensions.Primitives/6.0.0/Microsoft.Extensions.Primitives.csproj" />
+    <ProjectReference Include="../../_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj" />
+  </ItemGroup>
+</Project>