Merge pull request #4858 from hvitved/csharp/merge-format-queries

C#: Merge queries `FormatInvalid.ql`, `FormatMissingArgument.ql`, and `FormatUnusedArgument.ql`

Author: hvitved

csharp/change-notes/2020-12-21-merge-format-queries.md

@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The queries `FormatInvalid.ql`, `FormatMissingArgument.ql`, and `FormatUnusedArgument.ql` have been merged into a single `FormatInvalid.ql` query.

csharp/ql/src/API Abuse/FormatInvalid.qhelp

@@ -4,28 +4,46 @@
 <qhelp>
 <overview>
 <p>
-The format string supplied to formatting methods (such as <code>string.Format()</code>)
-must be formatted correctly, otherwise the exception <code>System.FormatException</code> 
-will be thrown.
+When using string formatting methods (such as <code>string.Format()</code>), the following
+should be taken into account:
 </p>
+<ol>
+  <li>
+    The formatting string must be formatted correctly, otherwise the exception
+    <code>System.FormatException</code> will be thrown.
+  </li>
+  <li>
+    All passed arguments should be used by the formatting string, otherwise such
+    arguments will be ignored.
+  </li>
+  <li>
+    Missing arguments will result in a <code>System.FormatException</code> exception
+    being thrown.
+  </li>
+</ol>
 
 </overview>
 
 <recommendation>
 
-<p>
-Change the format string so that it is correctly formatted. Ensure that each
-format item adheres to the syntax:
-</p>
-
-<blockquote>
-  <p><b>{</b><i>index</i>[<b>,</b><i>alignment</i>][<b>:</b><i>formatString</i>]<b>}</b></p>
-</blockquote>
-
-<p>
-When literals <code>{</code> or <code>}</code> are required, replace them with <code>{{</code> and
-<code>}}</code>, respectively, or supply them as arguments.
-</p>
+<ol>
+  <li>
+    Change the format string so that it is correctly formatted. Ensure that each
+    format item adheres to the syntax:
+    <blockquote>
+      <p><b>{</b><i>index</i>[<b>,</b><i>alignment</i>][<b>:</b><i>formatString</i>]<b>}</b></p>
+    </blockquote>
+    When literals <code>{</code> or <code>}</code> are required, replace them with <code>{{</code> and
+    <code>}}</code>, respectively, or supply them as arguments.
+  </li>
+  <li>
+    Change the format string to use the highlighted argument, or remove the unnecessary argument.
+  </li>
+  <li>
+    Supply the correct number of arguments to the format method, or change the format string 
+    to use the correct arguments.
+  </li>
+</ol>
 
 </recommendation>
 
@@ -40,8 +58,39 @@ literals are not properly escaped.
 In the revised example, the literals are properly escaped.
 </p>
 <sample src="FormatInvalidGood.cs" />
+</example>
 
+<example>
+<p>
+Here are three examples where the format string does not use all the arguments.
+</p>
+<sample src="FormatUnusedArgumentBad.cs"/>
+<ul>
+  <li>On line 7, the second argument (<code>ex.HResult</code>) is not logged.</li>
+  <li>On line 8, the first argument (<code>ex</code>) is not logged but the second 
+    argument (<code>ex.HResult</code>) is logged twice.</li>
+  <li>On line 9, a C-style format string is used, which is incorrect, and neither 
+    argument will be logged.</li>
+</ul>  
 </example>
+
+<example>
+<p>
+Here are two examples where the call to <code>String.Format()</code> is missing arguments.
+</p>
+<sample src="FormatMissingArgumentBad.cs"/>
+<ul>
+  <li>On line 7, the second argument (<code>last</code>) is not supplied.</li>
+  <li>On line 8, the format items are numbered <code>{1}</code> and <code>{2}</code>,
+    instead of <code>{0}</code> and <code>{1}</code> as they should be.</li>
+</ul>
+
+<p>
+In the revised example, both arguments are supplied.
+</p>
+<sample src="FormatMissingArgumentGood.cs"/>
+</example>
+
 <references>
   <li>MSDN: <a href="https://msdn.microsoft.com/en-us/library/system.string.format.aspx">String.Format Method</a>.</li>
   <li>Microsoft: <a href="https://docs.microsoft.com/en-us/dotnet/standard/base-types/composite-formatting">Composite Formatting</a>.</li>

csharp/ql/src/API Abuse/FormatInvalid.ql

@@ -1,20 +1,86 @@
 /**
- * @name Invalid format string
- * @description Using a format string with an incorrect format causes a 'System.FormatException'.
+ * @name Invalid string formatting
+ * @description Calling 'string.Format()' with either an invalid format string or incorrect
+ *              number of arguments may result in dropped arguments or a 'System.FormatException'.
  * @kind path-problem
  * @problem.severity error
  * @precision high
- * @id cs/invalid-format-string
+ * @id cs/invalid-string-formatting
  * @tags reliability
  *       maintainability
  */
 
 import csharp
 import semmle.code.csharp.frameworks.Format
-import FormatFlow
+import DataFlow::PathGraph
 
-from FormatCall s, InvalidFormatString src, PathNode source, PathNode sink
+private class FormatConfiguration extends DataFlow::Configuration {
+  FormatConfiguration() { this = "format" }
+
+  override predicate isSource(DataFlow::Node n) { n.asExpr() instanceof StringLiteral }
+
+  override predicate isSink(DataFlow::Node n) {
+    exists(FormatCall c | n.asExpr() = c.getFormatExpr())
+  }
+}
+
+private predicate invalidFormatString(
+  InvalidFormatString src, DataFlow::PathNode source, DataFlow::PathNode sink, string msg,
+  FormatCall call, string callString
+) {
+  source.getNode().asExpr() = src and
+  sink.getNode().asExpr() = call.getFormatExpr() and
+  any(FormatConfiguration conf).hasFlowPath(source, sink) and
+  call.hasInsertions() and
+  msg = "Invalid format string used in $@ formatting call." and
+  callString = "this"
+}
+
+private predicate unusedArgument(
+  FormatCall call, DataFlow::PathNode source, DataFlow::PathNode sink, string msg,
+  ValidFormatString src, string srcString, Expr unusedExpr, string unusedString
+) {
+  exists(int unused |
+    source.getNode().asExpr() = src and
+    sink.getNode().asExpr() = call.getFormatExpr() and
+    any(FormatConfiguration conf).hasFlowPath(source, sink) and
+    unused = call.getASuppliedArgument() and
+    not unused = src.getAnInsert() and
+    not src.getValue() = "" and
+    msg = "The $@ ignores $@." and
+    srcString = "format string" and
+    unusedExpr = call.getSuppliedExpr(unused) and
+    unusedString = "this supplied value"
+  )
+}
+
+private predicate missingArgument(
+  FormatCall call, DataFlow::PathNode source, DataFlow::PathNode sink, string msg,
+  ValidFormatString src, string srcString
+) {
+  exists(int used, int supplied |
+    source.getNode().asExpr() = src and
+    sink.getNode().asExpr() = call.getFormatExpr() and
+    any(FormatConfiguration conf).hasFlowPath(source, sink) and
+    used = src.getAnInsert() and
+    supplied = call.getSuppliedArguments() and
+    used >= supplied and
+    msg = "Argument '{" + used + "}' has not been supplied to $@ format string." and
+    srcString = "this"
+  )
+}
+
+from
+  Element alert, DataFlow::PathNode source, DataFlow::PathNode sink, string msg, Element extra1,
+  string extra1String, Element extra2, string extra2String
 where
-  hasFlowPath(src, source, s, sink) and
-  s.hasInsertions()
-select src, source, sink, "Invalid format string used in $@ formatting call.", s, "this"
+  invalidFormatString(alert, source, sink, msg, extra1, extra1String) and
+  extra2 = extra1 and
+  extra2String = extra1String
+  or
+  unusedArgument(alert, source, sink, msg, extra1, extra1String, extra2, extra2String)
+  or
+  missingArgument(alert, source, sink, msg, extra1, extra1String) and
+  extra2 = extra1 and
+  extra2String = extra1String
+select alert, source, sink, msg, extra1, extra1String, extra2, extra2String

csharp/ql/src/API Abuse/FormatInvalidBad.cs

@@ -1,6 +1,6 @@
 using System;
 
-class Bad
+class Bad1
 {
     string GenerateEmptyClass(string c)
     {

csharp/ql/src/API Abuse/FormatInvalidGood.cs

@@ -1,9 +1,9 @@
 using System;
 
-class Good
+class Good1
 {
     string GenerateEmptyClass(string c)
     {
-        return string.Format("class {0} {{ }}");
+        return string.Format("class {0} {{ }}", "C");
     }
 }

csharp/ql/src/API Abuse/FormatMissingArgument.qhelp

@@ -1,6 +1,6 @@
 using System;
 
-class Bad
+class Bad3
 {
     void Hello(string first, string last)
     {

csharp/ql/src/API Abuse/FormatMissingArgument.ql

@@ -1,6 +1,6 @@
 using System;
 
-class Good
+class Good3
 {
     void Hello(string first, string last)
     {