Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

C#: Add common sources for Blazor components #18322

Open
wants to merge 5 commits into
base: main
Choose a base branch
from
Open

C#: Add common sources for Blazor components #18322

wants to merge 5 commits into from
+8 −0

Conversation

egregius313
Copy link
Contributor

@egregius313 egregius313 commented Dec 18, 2024
edited
Loading

The attributes

- [Parameter]

Tell Blazor to initialize the variables with parameters defined by the route/form values/query parameters/etc. Values derived from the URI or form should be classified as remote flow sources.

Pull Request checklist

All query authors

Internal query authors only

- [ ] Autofixes generated based on these changes are valid, only needed if this PR makes significant changes to .ql, .qll, or .qhelp files. See the documentation (internal access required).

@Copilot Copilot bot review requested due to automatic review settings December 18, 2024 22:43
@egregius313 egregius313 requested a review from a team as a code owner December 18, 2024 22:43
Copilot
Copilot AI reviewed Dec 18, 2024
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 2 out of 4 changed files in this pull request and generated no comments.

Files not reviewed (2)
  • csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected: Language not supported
  • csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected: Language not supported
Comments suppressed due to low confidence (2)

csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml:8

  • The class name 'NagivationManager' appears to be misspelled. It should be 'NavigationManager'.
- ["Microsoft.AspNetCore.Components", "NagivationManager", True, "get_BaseUri", "", "", "ReturnValue", "remote", "manual"]

csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml:9

  • The class name 'NagivationManager' appears to be misspelled. It should be 'NavigationManager'.
- ["Microsoft.AspNetCore.Components", "NagivationManager", True, "get_Uri", "", "", "ReturnValue", "remote", "manual"]

Tip: If you use Visual Studio Code, you can request a review from Copilot before you push from the "Source Control" tab. Learn more
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 18, 2024
edited
Loading

⚠️ The head of this PR and the base branch were compared for differences in the framework coverage reports. The generated reports are available in the artifacts of this workflow run. The differences will be picked up by the nightly job after the PR gets merged.

Click to show differences in coverage

csharp

Generated file changes for csharp

  • Changes to framework-coverage-csharp.rst:
-    Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",59,2074,152,4
+    Others,"``Amazon.Lambda.APIGatewayEvents``, ``Amazon.Lambda.Core``, ``Dapper``, ``ILCompiler``, ``ILLink.RoslynAnalyzer``, ``ILLink.Shared``, ``ILLink.Tasks``, ``Internal.IL``, ``Internal.Pgo``, ``Internal.TypeSystem``, ``JsonToItemsTaskFactory``, ``Microsoft.Android.Build``, ``Microsoft.Apple.Build``, ``Microsoft.ApplicationBlocks.Data``, ``Microsoft.AspNetCore.Components``, ``Microsoft.AspNetCore.Mvc``, ``Microsoft.AspNetCore.WebUtilities``, ``Microsoft.CSharp``, ``Microsoft.Diagnostics.Tools.Pgo``, ``Microsoft.DotNet.Build.Tasks``, ``Microsoft.DotNet.PlatformAbstractions``, ``Microsoft.EntityFrameworkCore``, ``Microsoft.Extensions.Caching.Distributed``, ``Microsoft.Extensions.Caching.Memory``, ``Microsoft.Extensions.Configuration``, ``Microsoft.Extensions.DependencyInjection``, ``Microsoft.Extensions.DependencyModel``, ``Microsoft.Extensions.Diagnostics.Metrics``, ``Microsoft.Extensions.FileProviders``, ``Microsoft.Extensions.FileSystemGlobbing``, ``Microsoft.Extensions.Hosting``, ``Microsoft.Extensions.Http``, ``Microsoft.Extensions.Logging``, ``Microsoft.Extensions.Options``, ``Microsoft.Extensions.Primitives``, ``Microsoft.Interop``, ``Microsoft.JSInterop``, ``Microsoft.NET.Build.Tasks``, ``Microsoft.NET.Sdk.WebAssembly``, ``Microsoft.NET.WebAssembly.Webcil``, ``Microsoft.VisualBasic``, ``Microsoft.WebAssembly.Build.Tasks``, ``Microsoft.Win32``, ``Mono.Linker``, ``MySql.Data.MySqlClient``, ``Newtonsoft.Json``, ``SourceGenerators``, ``Windows.Security.Cryptography.Core``",61,2074,152,4
-    Totals,,106,12900,400,9
+    Totals,,108,12900,400,9
  • Changes to framework-coverage-csharp.csv:
- Microsoft.AspNetCore.Components,2,2,2,,,,,,,2,,,,,,,,,2,,,1,1
+ Microsoft.AspNetCore.Components,2,4,2,,,,,,,2,,,,,,,,,4,,,1,1

@egregius313 egregius313 force-pushed the egregius313/csharp/blazor/modeling/sources branch from 33a3ffe to 3a15660 Compare December 19, 2024 02:34
tamasvajk
tamasvajk previously approved these changes Dec 19, 2024
View reviewed changes
@egregius313 egregius313 dismissed tamasvajk’s stale review December 19, 2024 14:00

The merge-base changed after approval.

@egregius313
Model Blazor attributes as marking sources
b618ae0 
The attributes

- `[Parameter]`
- `[SupplyParameterFromFormAttribute]`
- `[SupplyParameterFromQueryAttribute]`

Tell Blazor to initialize the variables with parameters defined by the
route/form values/query parameters/etc. Values derived from the URI or
form should be classified as `remote` flow sources.
@egregius313
Change note
84936c0
@egregius313
Update tests
ae6752a
@egregius313
Fix test results
d0c9ba1
@egregius313 egregius313 force-pushed the egregius313/csharp/blazor/modeling/sources branch from 3a15660 to d0c9ba1 Compare December 19, 2024 14:02
tamasvajk
tamasvajk reviewed Dec 19, 2024
View reviewed changes
csharp/ql/lib/ext/Microsoft.AspNetCore.Components.model.yml Outdated
@@ -5,6 +5,9 @@ extensions:
data:
- ["Microsoft.AspNetCore.Components", "NavigationManager", True, "get_BaseUri", "", "", "ReturnValue", "remote", "manual"]
- ["Microsoft.AspNetCore.Components", "NavigationManager", True, "get_Uri", "", "", "ReturnValue", "remote", "manual"]
- ["Microsoft.AspNetCore.Components", "ParameterAttribute", False, "", "", "Attribute.Getter", "ReturnValue", "remote", "manual"]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can properties with [Parameter] attribute be controlled by the user? Aren't these only component parameters that are required for passing data from component to component?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I double checked:

Can properties with [Parameter] attribute be controlled by the user?

Yes, routing parameters for page components which are potentially controlled by a user navigating to those pages.

Example:

@page "/people-search/{year:int}/{name}"

@code {
   [Parameter]
   public string Name { get; set; }
   
   [Parameter]
   public int Year { get; set; }
}

Aren't these only component parameters that are required for passing data from component to component?

So while they aren't "only ... for passing data from component to component", that is the primary use case for them.

Because of that I have decided to remove [Parameter] from this PR and I will add some additional logic in QL to reason about it better.

@egregius313
Copy link
Contributor Author

@tamasvajk I double checked your point about [Parameter] and have decided that it requires additional logic to determine when it is likely a remote flow source vs when it is merely a component parameter.

The other two are specialized enough to where they will try to find the parameter (e.g. query strings/form values) that they should be considered sources.

tamasvajk
tamasvajk approved these changes Dec 20, 2024
View reviewed changes
Copy link
Contributor

@tamasvajk tamasvajk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot Copilot left review comments

@tamasvajk tamasvajk tamasvajk approved these changes

Assignees
No one assigned
Labels
C# documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@egregius313 @tamasvajk