Merge pull request #813 from calumgrant/cs/sb-append-chars

jf205 · web-flow · commit 0a4f2e83762d · 2019-01-24T09:12:55.000Z
C#: Fix FP in cs/call-to-object-tostring
diff --git a/change-notes/1.20/analysis-csharp.md b/change-notes/1.20/analysis-csharp.md
@@ -15,7 +15,8 @@
 | Dereferenced variable is always null (cs/dereferenced-value-is-always-null) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. |
 | Dereferenced variable may be null (cs/dereferenced-value-may-be-null) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. |
 | SQL query built from user-controlled sources (cs/sql-injection), Improper control of generation of code (cs/code-injection), Uncontrolled format string (cs/uncontrolled-format-string), Clear text storage of sensitive information (cs/cleartext-storage-of-sensitive-information), Exposure of private information (cs/exposure-of-sensitive-information) | More results | Data sources have been added from user controls in `System.Windows.Forms`. |
- 
+| Use of default ToString() (cs/call-to-object-tostring) | Fewer false positives | Results have been removed for `char` arrays passed to `StringBuilder.Append()`, which were incorrectly marked as using `ToString`. |
+
 ## Changes to code extraction
 
 * Fix extraction of `for` statements where the condition declares new variables using `is`.
diff --git a/csharp/ql/src/semmle/code/csharp/commons/Strings.qll b/csharp/ql/src/semmle/code/csharp/commons/Strings.qll
@@ -28,7 +28,8 @@ class ImplicitToStringExpr extends Expr {
       m = p.getCallable()
     |
       m = any(SystemTextStringBuilderClass c).getAMethod() and
-      m.getName().regexpMatch("Append(Line)?")
+      m.getName().regexpMatch("Append(Line)?") and
+      not p.getType() instanceof ArrayType
       or
       p instanceof StringFormatItemParameter and
       not p.getType() = any(ArrayType at |
diff --git a/csharp/ql/test/query-tests/Useless Code/DefaultToString/DefaultToString.cs b/csharp/ql/test/query-tests/Useless Code/DefaultToString/DefaultToString.cs
@@ -26,6 +26,9 @@ void M()
 
         C c = new D();
         Console.WriteLine(c); // GOOD
+
+        var sb = new StringBuilder();
+        sb.Append(new char[] { 'a', 'b', 'c' }, 0, 3); // GOOD
     }
 
     class A

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,9 @@ void M()`
`26`	`26`
`27`	`27`	`C c = new D();`
`28`	`28`	`Console.WriteLine(c); // GOOD`
	`29`	`+`
	`30`	`+ var sb = new StringBuilder();`
	`31`	`+ sb.Append(new char[] { 'a', 'b', 'c' }, 0, 3); // GOOD`
`29`	`32`	`}`
`30`	`33`
`31`	`34`	`class A`