C#: Update remote flow sources test to also report tainted members.

michaelnebel · michaelnebel · commit 3e11b2e6e6b5 · 2026-03-30T11:24:55.000+02:00
diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.expected b/csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.expected
@@ -1,3 +1,5 @@
+remoteFlowSourceMembers
+remoteFlowSources
 | Controller.cs:11:43:11:52 | sampleData | ASP.NET MVC action method parameter |
 | Controller.cs:11:62:11:66 | taint | ASP.NET MVC action method parameter |
 | Controller.cs:16:43:16:52 | sampleData | ASP.NET MVC action method parameter |
diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.ql b/csharp/ql/test/library-tests/dataflow/flowsources/remote/remoteFlowSource.ql
@@ -1,5 +1,7 @@
 import semmle.code.csharp.security.dataflow.flowsources.Remote
 
-from RemoteFlowSource source
-where source.getLocation().getFile().fromSource()
-select source, source.getSourceType()
+query predicate remoteFlowSourceMembers(TaintTracking::TaintedMember m) { m.fromSource() }
+
+query predicate remoteFlowSources(RemoteFlowSource source, string type) {
+  source.getLocation().getFile().fromSource() and type = source.getSourceType()
+}

Original file line number	Diff line number	Diff line change
`@@ -1,3 +1,5 @@`
	`1`	`+remoteFlowSourceMembers`
	`2`	`+remoteFlowSources`
`1`	`3`	`\| Controller.cs:11:43:11:52 \| sampleData \| ASP.NET MVC action method parameter \|`
`2`	`4`	`\| Controller.cs:11:62:11:66 \| taint \| ASP.NET MVC action method parameter \|`
`3`	`5`	`\| Controller.cs:16:43:16:52 \| sampleData \| ASP.NET MVC action method parameter \|`