C++: Add more Win32 and Azure SDK remote flow sources #21260
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
There was a problem hiding this comment.
Pull request overview
This pull request adds remote flow sources for two C/C++ APIs: the Win32 WinHTTP library and the Azure C/C++ SDK. These additions enable CodeQL to track data flowing from HTTP responses through these APIs as potential security-relevant remote data sources.
Changes:
- Added WinHttp.qll implementation file with taint-inheriting content classes for WinHTTP data structures
- Added model definitions for WinHTTP functions (WinHttpReadData, WinHttpQueryHeaders, WinHttpCrackUrl, etc.) and Azure SDK classes (RawResponse, Request, BodyStream, etc.)
- Added comprehensive test coverage for both WinHTTP and Azure SDK APIs with expected results
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll | Defines QL classes for WinHTTP structures and taint-inheriting content handling |
| cpp/ql/lib/semmle/code/cpp/models/Models.qll | Imports the new WinHttp implementation |
| cpp/ql/lib/ext/Windows.model.yml | Adds source and summary models for WinHTTP API functions |
| cpp/ql/lib/ext/azure.core.model.yml | Adds source and summary models for Azure SDK HTTP and IO classes |
| cpp/ql/test/library-tests/dataflow/external-models/windows.cpp | Adds test cases for WinHTTP functions with function declarations and test code |
| cpp/ql/test/library-tests/dataflow/external-models/azure.cpp | Adds test cases for Azure SDK classes with stubs and test code |
| cpp/ql/test/library-tests/dataflow/external-models/*.expected | Updates test expectations to reflect new sources, steps, and flow patterns |
Comments suppressed due to low confidence (1)
cpp/ql/lib/semmle/code/cpp/models/implementations/WinHttp.qll:10
- The comment says "classes" but should be "class" since WINHTTP_EXTENDED_HEADER is a single class/struct type.
/** The `WINHTTP_EXTENDED_HEADER` classes from `winhttp.h`. */
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds remote flow sources for two C/C++ APIs:
Commit-by-commit review recommended. Most of the code is just adding stubs for various APIs.