Merge pull request #759 from calumgrant/cs/interface-tostring

rdmarsh2 · web-flow · commit e1d289ffb49b · 2019-01-31T12:03:49.000-08:00
C#: Remove FPs from cs/call-to-object-tostring
diff --git a/change-notes/1.20/analysis-csharp.md b/change-notes/1.20/analysis-csharp.md
@@ -16,6 +16,7 @@
 | Dereferenced variable may be null (cs/dereferenced-value-may-be-null) | Improved results | The query has been rewritten from scratch, and the analysis is now based on static single assignment (SSA) forms. The query is now enabled by default in LGTM. |
 | SQL query built from user-controlled sources (cs/sql-injection), Improper control of generation of code (cs/code-injection), Uncontrolled format string (cs/uncontrolled-format-string), Clear text storage of sensitive information (cs/cleartext-storage-of-sensitive-information), Exposure of private information (cs/exposure-of-sensitive-information) | More results | Data sources have been added from user controls in `System.Windows.Forms`. |
 | Use of default ToString() (cs/call-to-object-tostring) | Fewer false positives | Results have been removed for `char` arrays passed to `StringBuilder.Append()`, which were incorrectly marked as using `ToString`. |
+| Use of default ToString() (cs/call-to-object-tostring) | Fewer results | Results have been removed when the object is an interface or an abstract class. |
 
 ## Changes to code extraction
 
diff --git a/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql b/csharp/ql/src/Language Abuse/MissedReadonlyOpportunity.ql
@@ -36,5 +36,5 @@ where
   canBeReadonly(f) and
   not f.isConst() and
   not f.isReadOnly() and
-  (f.isEffectivelyPrivate() or f.isEffectivelyInternal())
+  not f.isEffectivelyPublic()
 select f, "Field '" + f.getName() + "' can be 'readonly'."
diff --git a/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql b/csharp/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
@@ -18,7 +18,7 @@ where
   v.getType() instanceof CollectionType and
   (
     v instanceof LocalVariable or
-    v = any(Field f | f.isEffectivelyPrivate() or f.isEffectivelyInternal())
+    v = any(Field f | not f.isEffectivelyPublic())
   ) and
   forex(Access a | a = v.getAnAccess() |
     a = any(ModifierMethodCall m).getQualifier() or
diff --git a/csharp/ql/src/Useless code/DefaultToString.ql b/csharp/ql/src/Useless code/DefaultToString.ql
@@ -54,6 +54,11 @@ predicate alwaysDefaultToString(ValueOrRefType t) {
   not exists(RefType overriding |
     overriding.getAMethod() instanceof ToStringMethod and
     overriding.getABaseType+() = t
+  ) and
+  (
+    (t.isAbstract() or t instanceof Interface)
+    implies
+    not t.isEffectivelyPublic()
   )
 }
 
diff --git a/csharp/ql/src/semmle/code/csharp/Member.qll b/csharp/ql/src/semmle/code/csharp/Member.qll
@@ -107,6 +107,14 @@ class Modifiable extends Declaration, @modifiable {
     this.isInternal() or
     this.getDeclaringType+().isInternal()
   }
+
+  /**
+   * Holds if this declaration is effectively `public`, because it
+   * and all enclosing types are `public`.
+   */
+  predicate isEffectivelyPublic() {
+    not isEffectivelyPrivate() and not isEffectivelyInternal()
+  }
 }
 
 /** A declaration that is a member of a type. */
diff --git a/csharp/ql/src/semmle/code/csharp/dataflow/internal/Steps.qll b/csharp/ql/src/semmle/code/csharp/dataflow/internal/Steps.qll
@@ -48,8 +48,7 @@ module Steps {
    * or because one of `m`'s enclosing types is).
    */
   private predicate isEffectivelyInternalOrPrivate(Modifiable m) {
-    m.isEffectivelyInternal() or
-    m.isEffectivelyPrivate()
+    not m.isEffectivelyPublic()
   }
 
   private predicate flowIn(Parameter p, Expr pred, AssignableRead succ) {
diff --git a/csharp/ql/src/semmle/code/csharp/dispatch/Dispatch.qll b/csharp/ql/src/semmle/code/csharp/dispatch/Dispatch.qll
@@ -294,7 +294,7 @@ private module Internal {
       |
         succ.(AssignableRead) = a.getAnAccess() and
         pred = a.getAnAssignedValue() and
-        a = any(Modifiable m | m.isEffectivelyInternal() or m.isEffectivelyPrivate())
+        a = any(Modifiable m | not m.isEffectivelyPublic())
       )
     }
 
diff --git a/csharp/ql/test/library-tests/modifiers/Effectively.expected b/csharp/ql/test/library-tests/modifiers/Effectively.expected
@@ -15,3 +15,9 @@
 | Modifiers.cs:41:20:41:21 | F1 | internal |
 | Modifiers.cs:43:26:43:27 | F2 | internal |
 | Modifiers.cs:47:30:47:31 | F4 | internal |
+| Modifiers.cs:52:19:52:19 | S | public |
+| Modifiers.cs:54:20:54:21 | P1 | public |
+| Modifiers.cs:54:36:54:38 | get_P1 | public |
+| Modifiers.cs:54:52:54:54 | set_P1 | public |
+| Modifiers.cs:55:20:55:21 | P2 | public |
+| Modifiers.cs:55:36:55:38 | get_P2 | public |
diff --git a/csharp/ql/test/library-tests/modifiers/Effectively.ql b/csharp/ql/test/library-tests/modifiers/Effectively.ql
@@ -7,5 +7,7 @@ where
     m.isEffectivelyInternal() and not m.isInternal() and s = "internal"
     or
     m.isEffectivelyPrivate() and not m.isPrivate() and s = "private"
+    or 
+    m.isEffectivelyPublic() and s = "public"
   )
 select m, s
diff --git a/csharp/ql/test/query-tests/Useless Code/DefaultToString/DefaultToString.cs b/csharp/ql/test/query-tests/Useless Code/DefaultToString/DefaultToString.cs
@@ -1,7 +1,7 @@
 using System;
 using System.Text;
 
-class DefaultToString
+public class DefaultToString
 {
     void M()
     {
@@ -29,6 +29,12 @@ void M()
 
         var sb = new StringBuilder();
         sb.Append(new char[] { 'a', 'b', 'c' }, 0, 3); // GOOD
+
+        IPrivate f = null;
+        Console.WriteLine(f);  // BAD
+
+        IPublic g = null;
+        Console.WriteLine(g);  // GOOD
     }
 
     class A
@@ -48,6 +54,14 @@ class D : C
     {
         override public string ToString() { return "D"; }
     }
+
+    public interface IPublic
+    {
+    }
+
+    private interface IPrivate
+    {
+    }
 }
 
 // semmle-extractor-options: /r:System.Runtime.Extensions.dll
diff --git a/csharp/ql/test/query-tests/Useless Code/DefaultToString/DefaultToString.expected b/csharp/ql/test/query-tests/Useless Code/DefaultToString/DefaultToString.expected
@@ -1,7 +1,8 @@
-| DefaultToString.cs:9:27:9:27 | access to local variable d | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:4:7:4:21 | DefaultToString | DefaultToString |
-| DefaultToString.cs:10:28:10:28 | access to local variable d | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:4:7:4:21 | DefaultToString | DefaultToString |
+| DefaultToString.cs:9:27:9:27 | access to local variable d | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:4:14:4:28 | DefaultToString | DefaultToString |
+| DefaultToString.cs:10:28:10:28 | access to local variable d | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:4:14:4:28 | DefaultToString | DefaultToString |
 | DefaultToString.cs:16:27:16:30 | access to local variable ints | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. |  | Int32[] | Int32[] |
 | DefaultToString.cs:19:24:19:27 | access to local variable ints | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. |  | Int32[] | Int32[] |
+| DefaultToString.cs:34:27:34:27 | access to local variable f | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToString.cs:62:23:62:30 | IPrivate | IPrivate |
 | DefaultToStringBad.cs:8:35:8:35 | access to local variable p | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. | DefaultToStringBad.cs:14:11:14:16 | Person | Person |
 | DefaultToStringBad.cs:11:38:11:41 | access to local variable ints | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. |  | Int32[] | Int32[] |
 | WriteLineArray.cs:7:23:7:26 | access to parameter args | Default 'ToString()': $@ inherits 'ToString()' from 'Object', and so is not suitable for printing. |  | String[] | String[] |

Original file line number	Diff line number	Diff line change
`@@ -18,7 +18,7 @@ where`
`18`	`18`	`v.getType() instanceof CollectionType and`
`19`	`19`	`(`
`20`	`20`	`v instanceof LocalVariable or`
`21`		`- v = any(Field f \| f.isEffectivelyPrivate() or f.isEffectivelyInternal())`
	`21`	`+ v = any(Field f \| not f.isEffectivelyPublic())`
`22`	`22`	`) and`
`23`	`23`	`forex(Access a \| a = v.getAnAccess() \|`
`24`	`24`	`a = any(ModifierMethodCall m).getQualifier() or`
Original file line number	Diff line number	Diff line change
`@@ -54,6 +54,11 @@ predicate alwaysDefaultToString(ValueOrRefType t) {`
`54`	`54`	`not exists(RefType overriding \|`
`55`	`55`	`overriding.getAMethod() instanceof ToStringMethod and`
`56`	`56`	`overriding.getABaseType+() = t`
	`57`	`+ ) and`
	`58`	`+ (`
	`59`	`+ (t.isAbstract() or t instanceof Interface)`
	`60`	`+ implies`
	`61`	`+ not t.isEffectivelyPublic()`
`57`	`62`	`)`
`58`	`63`	`}`
`59`	`64`
Original file line number	Diff line number	Diff line change
`@@ -107,6 +107,14 @@ class Modifiable extends Declaration, @modifiable {`
`107`	`107`	`this.isInternal() or`
`108`	`108`	`this.getDeclaringType+().isInternal()`
`109`	`109`	`}`
	`110`	`+`
	`111`	`+ /**`
	`112`	+ * Holds if this declaration is effectively `public`, because it
	`113`	+ * and all enclosing types are `public`.
	`114`	`+ */`
	`115`	`+ predicate isEffectivelyPublic() {`
	`116`	`+ not isEffectivelyPrivate() and not isEffectivelyInternal()`
	`117`	`+ }`
`110`	`118`	`}`
`111`	`119`
`112`	`120`	`/** A declaration that is a member of a type. */`
Original file line number	Diff line number	Diff line change
`@@ -48,8 +48,7 @@ module Steps {`
`48`	`48`	* or because one of `m`'s enclosing types is).
`49`	`49`	`*/`
`50`	`50`	`private predicate isEffectivelyInternalOrPrivate(Modifiable m) {`
`51`		`- m.isEffectivelyInternal() or`
`52`		`- m.isEffectivelyPrivate()`
	`51`	`+ not m.isEffectivelyPublic()`
`53`	`52`	`}`
`54`	`53`
`55`	`54`	`private predicate flowIn(Parameter p, Expr pred, AssignableRead succ) {`
Original file line number	Diff line number	Diff line change
`@@ -294,7 +294,7 @@ private module Internal {`
`294`	`294`	`\|`
`295`	`295`	`succ.(AssignableRead) = a.getAnAccess() and`
`296`	`296`	`pred = a.getAnAssignedValue() and`
`297`		`- a = any(Modifiable m \| m.isEffectivelyInternal() or m.isEffectivelyPrivate())`
	`297`	`+ a = any(Modifiable m \| not m.isEffectivelyPublic())`
`298`	`298`	`)`
`299`	`299`	`}`
`300`	`300`
Original file line number	Diff line number	Diff line change
`@@ -7,5 +7,7 @@ where`
`7`	`7`	`m.isEffectivelyInternal() and not m.isInternal() and s = "internal"`
`8`	`8`	`or`
`9`	`9`	`m.isEffectivelyPrivate() and not m.isPrivate() and s = "private"`
	`10`	`+ or`
	`11`	`+ m.isEffectivelyPublic() and s = "public"`
`10`	`12`	`)`
`11`	`13`	`select m, s`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`using System;`
`2`	`2`	`using System.Text;`
`3`	`3`
`4`		`-class DefaultToString`
	`4`	`+public class DefaultToString`
`5`	`5`	`{`
`6`	`6`	`void M()`
`7`	`7`	`{`
`@@ -29,6 +29,12 @@ void M()`
`29`	`29`
`30`	`30`	`var sb = new StringBuilder();`
`31`	`31`	`sb.Append(new char[] { 'a', 'b', 'c' }, 0, 3); // GOOD`
	`32`	`+`
	`33`	`+ IPrivate f = null;`
	`34`	`+ Console.WriteLine(f); // BAD`
	`35`	`+`
	`36`	`+ IPublic g = null;`
	`37`	`+ Console.WriteLine(g); // GOOD`
`32`	`38`	`}`
`33`	`39`
`34`	`40`	`class A`
`@@ -48,6 +54,14 @@ class D : C`
`48`	`54`	`{`
`49`	`55`	`override public string ToString() { return "D"; }`
`50`	`56`	`}`
	`57`	`+`
	`58`	`+ public interface IPublic`
	`59`	`+ {`
	`60`	`+ }`
	`61`	`+`
	`62`	`+ private interface IPrivate`
	`63`	`+ {`
	`64`	`+ }`
`51`	`65`	`}`
`52`	`66`
`53`	`67`	`// semmle-extractor-options: /r:System.Runtime.Extensions.dll`