Skip to content

C#: Blazor: Support string literals as property names in jump nodes#19145

Merged
tamasvajk merged 7 commits intogithub:mainfrom
tamasvajk:tamasvajk/blazor/parameter-passing-jumpnode-2
Apr 3, 2025
Merged

C#: Blazor: Support string literals as property names in jump nodes#19145
tamasvajk merged 7 commits intogithub:mainfrom
tamasvajk:tamasvajk/blazor/parameter-passing-jumpnode-2

Conversation

@tamasvajk
Copy link
Contributor

@tamasvajk tamasvajk commented Mar 28, 2025
edited
Loading

Continuation of #18957.

Older versions of Blazor used a string literal instead of a nameof expression in order to specify the property being set. Therefore, it is necessary to modify the corresponding jump node in order to model the steps correctly.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 28, 2025
View reviewed changes
csharp/ql/integration-tests/all-platforms/blazor/XSS.qlref
Comment on lines 1 to 2
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning

Query test does not use inline test expectations.
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.qlref
Comment on lines 1 to 2
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning

Query test does not use inline test expectations.
csharp/ql/integration-tests/all-platforms/blazor_net_8/XSS.qlref
Comment on lines 1 to 2
query: Security Features/CWE-079/XSS.ql
postprocess: utils/test/PrettyPrintModels.ql

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning

Query test does not use inline test expectations.
csharp/ql/test/library-tests/frameworks/microsoft/aspnetcore/blazor/Xss.qlref
@@ -0,0 +1 @@
Security Features/CWE-079/XSS.ql No newline at end of file

Check warning

Code scanning / CodeQL

Query test without inline test expectations Warning test

Query test does not use inline test expectations.
egregius313 and others added 5 commits March 28, 2025 16:04
@egregius313 @tamasvajk
Support when a property is specified by a string literal instead of a…
52b889f 
… `nameof` expression

In earlier versions of the Razor generator, a string literal was used
instead of a `nameof` expression in order to indicate the name of the
property being modified. This means we need to look up the property by
name instead of using a more explicit access.
@egregius313 @tamasvajk
Add test case using string literal in property name
3d0a85b
@egregius313 @tamasvajk
[change-note] Blazor parameter passing string literal
d601c26
@tamasvajk
Restrict name based property lookup to opened component types
72fb6ed
@tamasvajk
Adjust expected test file
32448c1
@tamasvajk tamasvajk force-pushed the tamasvajk/blazor/parameter-passing-jumpnode-2 branch from 61e2aa7 to 32448c1 Compare March 28, 2025 15:04
@tamasvajk tamasvajk marked this pull request as ready for review March 28, 2025 15:06
@tamasvajk tamasvajk requested a review from a team as a code owner March 28, 2025 15:06
@michaelnebel michaelnebel self-requested a review April 1, 2025 06:50
michaelnebel
michaelnebel reviewed Apr 1, 2025
View reviewed changes
Copy link
Contributor

@michaelnebel michaelnebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you for doing this @tamasvajk !

tamasvajk and others added 2 commits April 1, 2025 10:18
@tamasvajk @michaelnebel
Update csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetco…
398f041 
…re/Components.qll

Co-authored-by: Michael Nebel <michaelnebel@github.com>
@tamasvajk
Fix code quality
a570a72
michaelnebel
michaelnebel approved these changes Apr 1, 2025
View reviewed changes
Copy link
Contributor

@michaelnebel michaelnebel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!
Maybe run DCA before merging.

@tamasvajk tamasvajk merged commit befc2fd into github:main Apr 3, 2025
24 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@michaelnebel michaelnebel michaelnebel approved these changes

Assignees

No one assigned

Labels

C# documentation

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tamasvajk @michaelnebel @egregius313