C++: Add more Win32 and Azure SDK remote flow sources#21260
C++: Add more Win32 and Azure SDK remote flow sources#21260MathiasVP merged 7 commits intogithub:mainfrom
Conversation
There was a problem hiding this comment.
Pull request overview
This pull request adds remote flow sources for two C/C++ APIs: the Win32 WinHTTP library and the Azure C/C++ SDK. These additions enable CodeQL to track data flowing from HTTP responses through these APIs as potential security-relevant remote data sources.
Changes:
- Added WinHttp.qll implementation file with taint-inheriting content classes for WinHTTP data structures
- Added model definitions for WinHTTP functions (WinHttpReadData, WinHttpQueryHeaders, WinHttpCrackUrl, etc.) and Azure SDK classes (RawResponse, Request, BodyStream, etc.)
- Added comprehensive test coverage for both WinHTTP and Azure SDK APIs with expected results
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll | Defines QL classes for WinHTTP structures and taint-inheriting content handling |
| cpp/ql/lib/semmle/code/cpp/models/Models.qll | Imports the new WinHttp implementation |
| cpp/ql/lib/ext/Windows.model.yml | Adds source and summary models for WinHTTP API functions |
| cpp/ql/lib/ext/azure.core.model.yml | Adds source and summary models for Azure SDK HTTP and IO classes |
| cpp/ql/test/library-tests/dataflow/external-models/windows.cpp | Adds test cases for WinHTTP functions with function declarations and test code |
| cpp/ql/test/library-tests/dataflow/external-models/azure.cpp | Adds test cases for Azure SDK classes with stubs and test code |
| cpp/ql/test/library-tests/dataflow/external-models/*.expected | Updates test expectations to reflect new sources, steps, and flow patterns |
Comments suppressed due to low confidence (1)
cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll:10
- The comment says "classes" but should be "class" since WINHTTP_EXTENDED_HEADER is a single class/struct type.
/** The `WINHTTP_EXTENDED_HEADER` classes from `winhttp.h`. */
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
Tests, models, DCA all LGTM. 👍
| LoopDetected = 508, | ||
| NotExtended = 510, | ||
| NetworkAuthenticationRequired = 511 | ||
| }; |
There was a problem hiding this comment.
Some of the specifics here are in excess of what we need for what's being tested. Its not an issue, but might've saved a bit of effort (perhaps).
There was a problem hiding this comment.
Yeah, totally not necessary. I just figured it couldn't hurt
2 participants
This PR adds remote flow sources for two C/C++ APIs:
Commit-by-commit review recommended. Most of the code is just adding stubs for various APIs.