From ecb4c79efa011fae516843ba4ae5f46af8115f4e Mon Sep 17 00:00:00 2001 
From: Michael Nebel
Date: Fri, 22 Nov 2024 08:10:04 +0100
Subject: [PATCH] C#: Update expected test output.
---
.../dataflow/async/Async.expected | 2 +-
.../collections/CollectionFlow.expected | 30 ++++-----
.../external-models/ExternalFlow.expected | 62 +++++++++----------
.../dataflow/global/DataFlowPath.expected | 28 ++++-----
.../global/TaintTrackingPath.expected | 48 +++++++-------
.../threat-models-flowtest1.expected | 4 +-
.../threat-models-flowtest2.expected | 6 +-
.../threat-models-flowtest3.expected | 10 +--
.../threat-models-flowtest4.expected | 12 ++--
.../threat-models-flowtest5.expected | 8 +--
.../threat-models-flowtest6.expected | 8 +--
.../TypeFlowDispatch.expected | 2 +-
.../EntityFramework/Dataflow.expected | 8 +--
.../UntrustedDataToExternalAPI.expected | 4 +-
.../CWE-022/TaintedPath/TaintedPath.expected | 2 +-
.../CWE-022/ZipSlip/ZipSlip.expected | 4 +-
.../CWE-078/CommandInjection.expected | 2 +-
.../CWE-079/StoredXSS/StoredXSS.expected | 2 +-
.../CWE-079/XSS/XSS.expected | 6 +-
.../CWE-079/XSSAsp/XSS.expected | 12 ++--
.../CWE-089/SqlInjection.expected | 52 ++++++++--------
.../CWE-090/LDAPInjection.expected | 2 +-
.../XMLInjection/XMLInjection.expected | 2 +-
.../CWE-094/CodeInjection.expected | 2 +-
.../CWE-099/ResourceInjection.expected | 2 +-
.../CWE-112/MissingXMLValidation.expected | 4 +-
.../AssemblyPathInjection.expected | 2 +-
.../CWE-117/LogForging.expected | 2 +-
.../CWE-134/UncontrolledFormatString.expected | 4 +-
.../ExposureInTransmittedData.expected | 4 +-
.../ExceptionInformationExposure.expected | 4 +-
.../CWE-338/InsecureRandomness.expected | 6 +-
...safeDeserializationUntrustedInput.expected | 4 +-
...safeDeserializationUntrustedInput.expected | 2 +-
.../CWE-601/UrlRedirect/UrlRedirect.expected | 10 +--
.../CWE-611/UntrustedDataInsecureXml.expected | 2 +-
.../CWE-643/XPathInjection.expected | 2 +-
.../CWE-730/ReDoS/ReDoS.expected | 2 +-
.../CWE-730/ReDoSGlobalTimeout/ReDoS.expected | 2 +-
.../RegexInjection/RegexInjection.expected | 2 +- .../CWE-807/ConditionalBypass.expected | 6 +- .../CWE-838/InappropriateEncoding.expected | 6 +- 42 files changed, 192 insertions(+), 192 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/async/Async.expected b/csharp/ql/test/library-tests/dataflow/async/Async.expected index baab59e91808..eb942156b3a2 100644 --- a/csharp/ql/test/library-tests/dataflow/async/Async.expected +++ b/csharp/ql/test/library-tests/dataflow/async/Async.expected @@ -1,5 +1,5 @@ models -| 1 | Summary: System.Threading.Tasks; Task; false; FromResult; (TResult); ; Argument[0]; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | +| 1 | Summary: System.Threading.Tasks; Task; true; FromResult; (TResult); ; Argument[0]; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | edges | Async.cs:9:37:9:41 | input : String | Async.cs:11:21:11:25 | access to parameter input : String | provenance | | | Async.cs:11:21:11:25 | access to parameter input : String | Async.cs:11:14:11:26 | call to method Return | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected index 18155300ff0f..91f6d4a5a737 100644 --- a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected 
@@ -1,6 +1,6 @@ models -| 1 | Summary: System.Collections.Generic; Dictionary; false; get_Keys; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; ReturnValue.Element; value; manual | -| 2 | Summary: System.Collections.Generic; Dictionary; false; get_Values; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue.Element; value; manual | +| 1 | Summary: System.Collections.Generic; Dictionary; true; get_Keys; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; ReturnValue.Element; value; manual | +| 2 | Summary: System.Collections.Generic; Dictionary; true; get_Values; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue.Element; value; manual | | 3 | Summary: System.Collections.Generic; ICollection; true; Add; (T); ; Argument[0]; Argument[this].Element; value; manual | | 4 | Summary: System.Collections.Generic; IDictionary; true; Add; (TKey,TValue); ; Argument[0]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual | | 5 | Summary: System.Collections.Generic; IDictionary; true; Add; (TKey,TValue); ; Argument[1]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; value; manual | 
@@ -11,20 +11,20 @@ models | 10 | Summary: System.Collections.Generic; IDictionary; true; set_Item; (TKey,TValue); ; Argument[1]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; value; manual | | 11 | Summary: System.Collections.Generic; IList; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | | 12 | Summary: System.Collections.Generic; IList; true; set_Item; (System.Int32,T); ; Argument[1]; Argument[this].Element; value; manual | -| 13 | Summary: System.Collections.Generic; KeyValuePair; false; KeyValuePair; (TKey,TValue); ; Argument[0]; Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual | -| 14 | Summary: System.Collections.Generic; List+Enumerator; false; get_Current; (); ; Argument[this].Property[System.Collections.Generic.List`1+Enumerator.Current]; ReturnValue; value; dfc-generated | -| 15 | Summary: System.Collections.Generic; List; false; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.Generic.List`1+Enumerator.Current]; value; manual | +| 13 | Summary: System.Collections.Generic; KeyValuePair; true; KeyValuePair; (TKey,TValue); ; Argument[0]; Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual | +| 14 | Summary: System.Collections.Generic; List+Enumerator; true; get_Current; (); ; Argument[this].Property[System.Collections.Generic.List`1+Enumerator.Current]; ReturnValue; value; dfc-generated | +| 15 | Summary: System.Collections.Generic; List; true; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.Generic.List`1+Enumerator.Current]; value; manual | | 16 | Summary: System.Collections; IEnumerable; true; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.IEnumerator.Current]; value; manual | -| 17 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; 
ReturnValue; value; manual | -| 18 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 19 | Summary: System; ReadOnlySpan; false; ReadOnlySpan; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | -| 20 | Summary: System; ReadOnlySpan; false; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | -| 21 | Summary: System; Span; false; CopyTo; (System.Span); ; Argument[this].Element; Argument[0].Element; value; manual | -| 22 | Summary: System; Span; false; Fill; (T); ; Argument[0]; Argument[this].Element; value; manual | -| 23 | Summary: System; Span; false; Span; (T); ; Argument[0]; Argument[this].Element; value; manual | -| 24 | Summary: System; Span; false; Span; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | -| 25 | Summary: System; Span; false; ToArray; (); ; Argument[this].Element; ReturnValue.Element; value; manual | -| 26 | Summary: System; Span; false; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | +| 17 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 18 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 19 | Summary: System; ReadOnlySpan; true; ReadOnlySpan; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | +| 20 | Summary: System; ReadOnlySpan; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | +| 21 | Summary: System; Span; true; CopyTo; (System.Span); ; Argument[this].Element; Argument[0].Element; value; manual | +| 22 | Summary: System; Span; true; Fill; (T); ; Argument[0]; Argument[this].Element; value; manual | +| 23 | Summary: System; Span; true; Span; (T); ; 
Argument[0]; Argument[this].Element; value; manual | +| 24 | Summary: System; Span; true; Span; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | +| 25 | Summary: System; Span; true; ToArray; (); ; Argument[this].Element; ReturnValue.Element; value; manual | +| 26 | Summary: System; Span; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | edges | CollectionFlow.cs:14:40:14:41 | ts : A[] [element] : A | CollectionFlow.cs:14:52:14:53 | access to parameter ts : A[] [element] : A | provenance | | | CollectionFlow.cs:14:40:14:41 | ts : null [element] : A | CollectionFlow.cs:14:52:14:53 | access to parameter ts : null [element] : A | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected index 7254208be186..381e43774155 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected 
@@ -1,37 +1,37 @@ models -| 1 | Summary: My.Qltest; D; false; Apply2; (System.Action,My.Qltest.D,My.Qltest.D); ; Argument[1].Field[My.Qltest.D.Field]; Argument[0].Parameter[0]; value; manual | -| 2 | Summary: My.Qltest; D; false; Apply; (System.Func,S); ; Argument[0].ReturnValue; ReturnValue; value; manual | -| 3 | Summary: My.Qltest; D; false; Apply; (System.Func,S); ; Argument[1]; Argument[0].Parameter[0]; value; manual | -| 4 | Summary: My.Qltest; D; false; Map; (S[],System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 5 | Summary: My.Qltest; D; false; Map; (S[],System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | -| 6 | Summary: My.Qltest; D; false; Parse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | -| 7 | Summary: My.Qltest; D; false; Reverse; (System.Object[]); ; Argument[0].WithElement; ReturnValue; value; manual | -| 8 | Summary: My.Qltest; D; false; StepArgArg; (System.Object,System.Object); ; Argument[0]; Argument[1]; taint; manual | -| 9 | Summary: My.Qltest; D; false; StepArgQual; (System.Object); ; Argument[0]; Argument[this]; taint; manual | -| 10 | Summary: My.Qltest; D; false; StepArgRes; (System.Object); ; Argument[0]; ReturnValue; taint; manual | -| 11 | Summary: My.Qltest; D; false; StepElementGetter; (); ; Argument[this].Element; ReturnValue; value; manual | -| 12 | Summary: My.Qltest; D; false; StepElementSetter; (System.Object); ; Argument[0]; Argument[this].Element; value; manual | -| 13 | Summary: My.Qltest; D; false; StepFieldGetter; (); ; Argument[this].Field[My.Qltest.D.Field]; ReturnValue; value; manual | -| 14 | Summary: My.Qltest; D; false; StepFieldSetter; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.D.Field]; value; manual | -| 15 | Summary: My.Qltest; D; false; StepFieldSetter; (System.Object); ; Argument[this]; ReturnValue.Field[My.Qltest.D.Field2]; value; manual | -| 16 | Summary: My.Qltest; D; false; StepPropertyGetter; (); ; 
Argument[this].Property[My.Qltest.D.Property]; ReturnValue; value; manual | -| 17 | Summary: My.Qltest; D; false; StepPropertySetter; (System.Object); ; Argument[0]; Argument[this].Property[My.Qltest.D.Property]; value; manual | +| 1 | Summary: My.Qltest; D; true; Apply2; (System.Action,My.Qltest.D,My.Qltest.D); ; Argument[1].Field[My.Qltest.D.Field]; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: My.Qltest; D; true; Apply; (System.Func,S); ; Argument[0].ReturnValue; ReturnValue; value; manual | +| 3 | Summary: My.Qltest; D; true; Apply; (System.Func,S); ; Argument[1]; Argument[0].Parameter[0]; value; manual | +| 4 | Summary: My.Qltest; D; true; Map; (S[],System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 5 | Summary: My.Qltest; D; true; Map; (S[],System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | +| 6 | Summary: My.Qltest; D; true; Parse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | +| 7 | Summary: My.Qltest; D; true; Reverse; (System.Object[]); ; Argument[0].WithElement; ReturnValue; value; manual | +| 8 | Summary: My.Qltest; D; true; StepArgArg; (System.Object,System.Object); ; Argument[0]; Argument[1]; taint; manual | +| 9 | Summary: My.Qltest; D; true; StepArgQual; (System.Object); ; Argument[0]; Argument[this]; taint; manual | +| 10 | Summary: My.Qltest; D; true; StepArgRes; (System.Object); ; Argument[0]; ReturnValue; taint; manual | +| 11 | Summary: My.Qltest; D; true; StepElementGetter; (); ; Argument[this].Element; ReturnValue; value; manual | +| 12 | Summary: My.Qltest; D; true; StepElementSetter; (System.Object); ; Argument[0]; Argument[this].Element; value; manual | +| 13 | Summary: My.Qltest; D; true; StepFieldGetter; (); ; Argument[this].Field[My.Qltest.D.Field]; ReturnValue; value; manual | +| 14 | Summary: My.Qltest; D; true; StepFieldSetter; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.D.Field]; value; manual | +| 15 | Summary: 
My.Qltest; D; true; StepFieldSetter; (System.Object); ; Argument[this]; ReturnValue.Field[My.Qltest.D.Field2]; value; manual | +| 16 | Summary: My.Qltest; D; true; StepPropertyGetter; (); ; Argument[this].Property[My.Qltest.D.Property]; ReturnValue; value; manual | +| 17 | Summary: My.Qltest; D; true; StepPropertySetter; (System.Object); ; Argument[0]; Argument[this].Property[My.Qltest.D.Property]; value; manual | | 18 | Summary: My.Qltest; E; true; get_MyProp; (); ; Argument[this].Field[My.Qltest.E.MyField]; ReturnValue; value; manual | | 19 | Summary: My.Qltest; E; true; set_MyProp; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.E.MyField]; value; manual | -| 20 | Summary: My.Qltest; HE; false; ExtensionMethod; (My.Qltest.HI); ; Argument[0]; ReturnValue; value; manual | -| 21 | Summary: My.Qltest; I; false; GetFirst; (My.Qltest.MyInlineArray); ; Argument[0].Element; ReturnValue; value; manual | -| 22 | Summary: My.Qltest; J; false; SetProp1; (System.Object); ; Argument[0]; Argument[this]; value; manual | -| 23 | Summary: My.Qltest; J; false; get_Prop1; (); ; Argument[this]; ReturnValue; value; manual | -| 24 | Summary: My.Qltest; K; false; GetMyFieldOnSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; ReturnValue; value; manual | -| 25 | Summary: My.Qltest; K; false; GetMyNestedSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; ReturnValue; value; manual | -| 26 | Summary: My.Qltest; K; false; GetMySyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; ReturnValue; value; manual | -| 27 | Summary: My.Qltest; K; false; SetMyFieldOnSyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; value; manual | -| 28 | Summary: My.Qltest; K; false; SetMyNestedSyntheticField; (System.Object); ; 
Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; value; manual | -| 29 | Summary: My.Qltest; K; false; SetMySyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; value; manual | -| 30 | Summary: My.Qltest; Library; false; GeneratedFlowWithGeneratedNeutral; (System.Object); ; Argument[0]; ReturnValue; value; df-generated | -| 31 | Summary: My.Qltest; Library; false; GetValue; (); ; Argument[this].SyntheticField[X]; ReturnValue; value; dfc-generated | -| 32 | Summary: My.Qltest; Library; false; MixedFlowArgs; (System.Object,System.Object); ; Argument[1]; ReturnValue; value; manual | -| 33 | Summary: My.Qltest; Library; false; SetValue; (System.Object); ; Argument[0]; Argument[this].SyntheticField[X]; value; dfc-generated | +| 20 | Summary: My.Qltest; HE; true; ExtensionMethod; (My.Qltest.HI); ; Argument[0]; ReturnValue; value; manual | +| 21 | Summary: My.Qltest; I; true; GetFirst; (My.Qltest.MyInlineArray); ; Argument[0].Element; ReturnValue; value; manual | +| 22 | Summary: My.Qltest; J; true; SetProp1; (System.Object); ; Argument[0]; Argument[this]; value; manual | +| 23 | Summary: My.Qltest; J; true; get_Prop1; (); ; Argument[this]; ReturnValue; value; manual | +| 24 | Summary: My.Qltest; K; true; GetMyFieldOnSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; ReturnValue; value; manual | +| 25 | Summary: My.Qltest; K; true; GetMyNestedSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; ReturnValue; value; manual | +| 26 | Summary: My.Qltest; K; true; GetMySyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; ReturnValue; value; manual | +| 27 | Summary: My.Qltest; K; true; SetMyFieldOnSyntheticField; (System.Object); ; Argument[0]; 
Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; value; manual | +| 28 | Summary: My.Qltest; K; true; SetMyNestedSyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; value; manual | +| 29 | Summary: My.Qltest; K; true; SetMySyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; value; manual | +| 30 | Summary: My.Qltest; Library; true; GeneratedFlowWithGeneratedNeutral; (System.Object); ; Argument[0]; ReturnValue; value; df-generated | +| 31 | Summary: My.Qltest; Library; true; GetValue; (); ; Argument[this].SyntheticField[X]; ReturnValue; value; dfc-generated | +| 32 | Summary: My.Qltest; Library; true; MixedFlowArgs; (System.Object,System.Object); ; Argument[1]; ReturnValue; value; manual | +| 33 | Summary: My.Qltest; Library; true; SetValue; (System.Object); ; Argument[0]; Argument[this].SyntheticField[X]; value; dfc-generated | edges | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | provenance | | | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected index 74c1c62de1fe..6ad0f5a9113c 100644 --- a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected 
@@ -1,18 +1,18 @@ models -| 1 | Summary: System.Collections.Generic; List; false; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | -| 2 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | -| 3 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 4 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | -| 5 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | -| 6 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | -| 7 | Summary: System.Linq; Queryable; false; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | -| 8 | Summary: System.Linq; Queryable; false; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | -| 9 | Summary: System.Linq; Queryable; false; Select; (System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | -| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; 
ReturnValue; value; manual | -| 12 | Summary: System.Threading.Tasks; Task; false; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | -| 13 | Summary: System.Threading.Tasks; Task; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | -| 14 | Summary: System; Lazy; false; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | +| 1 | Summary: System.Collections.Generic; List; true; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 3 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 4 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | +| 5 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | +| 6 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | +| 7 | Summary: System.Linq; Queryable; true; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | +| 8 | Summary: System.Linq; Queryable; true; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | +| 9 | Summary: System.Linq; Queryable; true; Select; 
(System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; true; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | +| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; true; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual | +| 12 | Summary: System.Threading.Tasks; Task; true; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | +| 13 | Summary: System.Threading.Tasks; Task; true; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | +| 14 | Summary: System; Lazy; true; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | edges | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:14:9:14:18 | access to local function CaptureIn1 : CaptureIn1 [captured tainted] : String | provenance | | | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index 1d05b0ae55ed..81d2f8ce3576 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected 
@@ -1,28 +1,28 @@ models -| 1 | Summary: System.Collections.Generic; List; false; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | -| 2 | Summary: System.Linq; Enumerable; false; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[0].Element; Argument[2].Parameter[1]; value; manual | -| 3 | Summary: System.Linq; Enumerable; false; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[1]; Argument[2].Parameter[0]; value; manual | -| 4 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | -| 5 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 6 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | -| 7 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | -| 8 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | -| 9 | Summary: System.Linq; Queryable; false; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | -| 10 | Summary: System.Linq; Queryable; false; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | -| 11 | Summary: System.Linq; Queryable; false; Select; (System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 12 | Summary: 
System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | -| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual | -| 14 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | -| 15 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder); ; Argument[0]; Argument[this]; taint; manual | -| 16 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder+AppendInterpolatedStringHandler); ; Argument[0]; Argument[this]; taint; manual | -| 17 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 18 | Summary: System.Threading.Tasks; Task; false; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | -| 19 | Summary: System.Threading.Tasks; Task; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | -| 20 | Summary: System; Boolean; false; TryParse; (System.String,System.Boolean); ; Argument[0]; Argument[1]; taint; manual | -| 21 | Summary: System; Int32; false; TryParse; (System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32); ; Argument[0]; Argument[3]; taint; manual | -| 22 | Summary: System; Int32; false; TryParse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | -| 23 | Summary: System; Lazy; false; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | -| 24 | Summary: System; String; false; Join; 
(System.String,System.String[]); ; Argument[1].Element; ReturnValue; taint; manual | +| 1 | Summary: System.Collections.Generic; List; true; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: System.Linq; Enumerable; true; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[0].Element; Argument[2].Parameter[1]; value; manual | +| 3 | Summary: System.Linq; Enumerable; true; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[1]; Argument[2].Parameter[0]; value; manual | +| 4 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 5 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 6 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | +| 7 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | +| 8 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | +| 9 | Summary: System.Linq; Queryable; true; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | +| 10 | Summary: System.Linq; Queryable; true; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | +| 11 | Summary: System.Linq; Queryable; true; Select; (System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; 
Argument[1].Parameter[0]; value; manual | +| 12 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; true; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | +| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; true; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual | +| 14 | Summary: System.Text; StringBuilder; true; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 15 | Summary: System.Text; StringBuilder; true; Append; (System.Text.StringBuilder); ; Argument[0]; Argument[this]; taint; manual | +| 16 | Summary: System.Text; StringBuilder; true; Append; (System.Text.StringBuilder+AppendInterpolatedStringHandler); ; Argument[0]; Argument[this]; taint; manual | +| 17 | Summary: System.Text; StringBuilder; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 18 | Summary: System.Threading.Tasks; Task; true; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | +| 19 | Summary: System.Threading.Tasks; Task; true; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | +| 20 | Summary: System; Boolean; true; TryParse; (System.String,System.Boolean); ; Argument[0]; Argument[1]; taint; manual | +| 21 | Summary: System; Int32; true; TryParse; (System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32); ; Argument[0]; Argument[3]; taint; manual | +| 22 | Summary: System; Int32; true; TryParse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | +| 23 | Summary: System; Lazy; true; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | +| 
24 | Summary: System; String; true; Join; (System.String,System.String[]); ; Argument[1].Element; ReturnValue; taint; manual | edges | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:14:9:14:18 | access to local function CaptureIn1 : CaptureIn1 [captured tainted] : String | provenance | | | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected index a3850dd73ebd..70e31c1ad83a 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected @@ -1,6 +1,6 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 3 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected index 9b1b32b57fda..dfc6509d8e0f 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected 
+++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected @@ -1,7 +1,7 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 4 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 5 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected index ee8d0615b2d4..35ba8661aeb4 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected 
@@ -1,9 +1,9 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 4 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual | -| 5 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 4 | Source: My.Qltest; TestSources; true; ReadEnv; (System.String); ; ReturnValue; environment; manual | +| 5 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 6 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 7 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected index cac7f178b409..9b155b6eb560 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected 
@@ -1,10 +1,10 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 4 | Source: My.Qltest; TestSources; false; GetCustom; (System.String); ; ReturnValue; custom; manual | -| 5 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual | -| 6 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 4 | Source: My.Qltest; TestSources; true; GetCustom; (System.String); ; ReturnValue; custom; manual | +| 5 | Source: My.Qltest; TestSources; true; ReadEnv; (System.String); ; ReturnValue; environment; manual | +| 6 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 7 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 8 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected index b0e7142693f9..51c15f0538b1 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected 
+++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected @@ -1,8 +1,8 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 3 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual | -| 4 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 3 | Source: My.Qltest; TestSources; true; ReadEnv; (System.String); ; ReturnValue; environment; manual | +| 4 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 6 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected index ae9fccfab806..b0dd873f2d29 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected 
@@ -1,8 +1,8 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 4 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 4 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 6 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected b/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected index 27a1929950a9..4045d32ee038 100644 --- a/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected +++ b/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected 
@@ -1,6 +1,6 @@ models | 1 | Summary: System.Collections.Generic; ICollection; true; Add; (T); ; Argument[0]; Argument[this].Element; value; manual | -| 2 | Summary: System.Collections.Generic; List; false; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: System.Collections.Generic; List; true; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | edges | TypeFlowDispatch.cs:11:42:11:42 | x : String | TypeFlowDispatch.cs:13:11:13:11 | access to parameter x : String | provenance | | | TypeFlowDispatch.cs:11:42:11:42 | x : String | TypeFlowDispatch.cs:13:11:13:11 | access to parameter x : String | provenance | | diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected index 8edb49dffbb4..f3d0e199b5ba 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected 
@@ -1,8 +1,8 @@ models -| 1 | Summary: Microsoft.EntityFrameworkCore; DbSet; false; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | -| 2 | Summary: System.Data.Entity; DbSet; false; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | -| 3 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | -| 4 | Summary: System.Linq; Queryable; false; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | +| 1 | Summary: Microsoft.EntityFrameworkCore; DbSet; true; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | +| 2 | Summary: System.Data.Entity; DbSet; true; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | +| 3 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 4 | Summary: System.Linq; Queryable; true; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | edges | EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:59:13:62:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected index bef499f03356..152c2879ecd7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected 
@@ -7,8 +7,8 @@ edges | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:2 | | UntrustedData.cs:9:20:9:50 | access to indexer : String | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 2 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | UntrustedData.cs:9:13:9:16 | access to local variable name : String | semmle.label | access to local variable name : String | | UntrustedData.cs:9:20:9:30 | access to property Request | semmle.label | access to property Request | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected index edb948d412c2..b50a4ff7e639 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected 
@@ -19,7 +19,7 @@ edges | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:36:25:36:31 | access to local variable badPath | provenance | | | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:38:49:38:55 | access to local variable badPath | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | TaintedPath.cs:10:16:10:19 | access to local variable path : String | semmle.label | access to local variable path : String | | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected index 8e59305b4c2e..ebddbbbfbb19 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected 
@@ -36,8 +36,8 @@ edges | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | provenance | | | ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1 | models -| 1 | Summary: System.IO; Path; false; Combine; (System.String,System.String); ; Argument[1]; ReturnValue; taint; manual | -| 2 | Summary: System.IO; Path; false; GetFullPath; (System.String); ; Argument[0]; ReturnValue; taint; manual | +| 1 | Summary: System.IO; Path; true; Combine; (System.String,System.String); ; Argument[1]; ReturnValue; taint; manual | +| 2 | Summary: System.IO; Path; true; GetFullPath; (System.String); ; Argument[0]; ReturnValue; taint; manual | nodes | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | semmle.label | access to local variable fullPath : String | | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | semmle.label | call to method GetFullPath : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected index 6e3714bd4978..6323aa7cbcbf 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected 
@@ -23,7 +23,7 @@ edges | CommandInjection.cs:51:54:51:80 | call to method GetString : String | CommandInjection.cs:51:46:51:80 | ... + ... | provenance | | models | 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | -| 2 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 2 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected index 8304e8a6e698..b7ebd9819978 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected 
@@ -6,7 +6,7 @@ edges | StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:86 | call to method GetString : String | provenance | MaD:2 | | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:1 | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | | 2 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | nodes | StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected index fe184fdff75a..b09bf52e9ead 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected 
@@ -42,9 +42,9 @@ edges | XSSAspNetCore.cs:77:17:77:22 | access to local variable header : StringValues | XSSAspNetCore.cs:78:51:78:56 | call to operator implicit conversion | provenance | | | XSSAspNetCore.cs:77:26:77:40 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:77:17:77:22 | access to local variable header : StringValues | provenance | | models -| 1 | Summary: Microsoft.Extensions.Primitives; StringValues; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 2 | Summary: Microsoft.Extensions.Primitives; StringValues; false; get_Item; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | -| 3 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: Microsoft.Extensions.Primitives; StringValues; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 2 | Summary: Microsoft.Extensions.Primitives; StringValues; true; get_Item; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | +| 3 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Index.cshtml:5:9:5:15 | access to local variable message : StringValues | semmle.label | access to local variable message : StringValues | | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | semmle.label | access to property Query : IQueryCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected index b89708b8f034..c765868a040e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected 
@@ -49,12 +49,12 @@ edges | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | provenance | | | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | provenance | | models -| 1 | Sink: System.Net.Http; StringContent; false; StringContent; ; ; Argument[0]; js-injection; manual | -| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 3 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | -| 4 | Summary: System.Text; StringBuilder; false; AppendFormat; (System.String,System.Object); ; Argument[1]; Argument[this]; taint; manual | -| 5 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 6 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 1 | Sink: System.Net.Http; StringContent; true; StringContent; ; ; Argument[0]; js-injection; manual | +| 2 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 3 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 4 | Summary: System.Text; StringBuilder; true; AppendFormat; (System.String,System.Object); ; Argument[1]; Argument[this]; taint; manual | +| 5 | Summary: System.Text; StringBuilder; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 6 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | XSS.cs:26:13:26:21 | [post] access to local variable userInput : StringBuilder | semmle.label | [post] access to local variable userInput : StringBuilder | | XSS.cs:26:48:26:62 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox | 
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected index 238cbd0bc3ba..0c3fea4e8ef1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected 
@@ -101,34 +101,34 @@ edges | SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:28 | | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance | | models -| 1 | Sink: Dapper; SqlMapper; false; ExecuteAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 2 | Sink: Dapper; SqlMapper; false; ExecuteReader; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 3 | Sink: Dapper; SqlMapper; false; ExecuteScalar; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 4 | Sink: Dapper; SqlMapper; false; Query; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 5 | Sink: Dapper; SqlMapper; false; QueryAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 6 | Sink: Dapper; SqlMapper; false; QueryFirstAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 7 | Sink: System.Data.Entity; Database; false; ExecuteSqlCommand; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | -| 8 | Sink: System.Data.Entity; Database; false; SqlQuery; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | -| 9 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String); ; Argument[0]; 
sql-injection; manual | -| 10 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | -| 11 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.Data.SQLite.SQLiteCommand); ; Argument[0]; sql-injection; manual | -| 12 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | -| 13 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.String); ; Argument[0]; sql-injection; manual | -| 14 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; sql-injection; manual | -| 15 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 16 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.Data.SqlClient.SqlCommand); ; Argument[0]; sql-injection; manual | -| 17 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 18 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file-write; manual | -| 19 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file; manual | -| 20 | Source: System; Console; false; ReadLine; ; ; ReturnValue; stdin; manual | -| 21 | Summary: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; Argument[this]; taint; manual | -| 22 | Summary: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Sink: Dapper; SqlMapper; true; ExecuteAsync; 
(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 2 | Sink: Dapper; SqlMapper; true; ExecuteReader; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 3 | Sink: Dapper; SqlMapper; true; ExecuteScalar; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 4 | Sink: Dapper; SqlMapper; true; Query; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 5 | Sink: Dapper; SqlMapper; true; QueryAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 6 | Sink: Dapper; SqlMapper; true; QueryFirstAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 7 | Sink: System.Data.Entity; Database; true; ExecuteSqlCommand; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | +| 8 | Sink: System.Data.Entity; Database; true; SqlQuery; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | +| 9 | Sink: System.Data.SQLite; SQLiteCommand; true; SQLiteCommand; (System.String); ; Argument[0]; sql-injection; manual | +| 10 | Sink: System.Data.SQLite; SQLiteCommand; true; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | +| 11 | Sink: System.Data.SQLite; SQLiteDataAdapter; true; SQLiteDataAdapter; (System.Data.SQLite.SQLiteCommand); ; Argument[0]; sql-injection; manual | +| 12 | Sink: System.Data.SQLite; SQLiteDataAdapter; true; SQLiteDataAdapter; 
(System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | +| 13 | Sink: System.Data.SQLite; SQLiteDataAdapter; true; SQLiteDataAdapter; (System.String,System.String); ; Argument[0]; sql-injection; manual | +| 14 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String); ; Argument[0]; sql-injection; manual | +| 15 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 16 | Sink: System.Data.SqlClient; SqlDataAdapter; true; SqlDataAdapter; (System.Data.SqlClient.SqlCommand); ; Argument[0]; sql-injection; manual | +| 17 | Sink: System.Data.SqlClient; SqlDataAdapter; true; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 18 | Source: System.IO; FileStream; true; FileStream; ; ; Argument[this]; file-write; manual | +| 19 | Source: System.IO; FileStream; true; FileStream; ; ; Argument[this]; file; manual | +| 20 | Source: System; Console; true; ReadLine; ; ; ReturnValue; stdin; manual | +| 21 | Summary: System.Data.SQLite; SQLiteCommand; true; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; Argument[this]; taint; manual | +| 22 | Summary: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String); ; Argument[0]; Argument[this]; taint; manual | | 23 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | -| 24 | Summary: System.IO; FileStream; false; FileStream; (System.String,System.IO.FileMode); ; Argument[0]; Argument[this]; taint; manual | -| 25 | Summary: System.IO; StreamReader; false; StreamReader; (System.IO.Stream,System.Text.Encoding); ; Argument[0]; Argument[this]; taint; manual | +| 24 | Summary: System.IO; FileStream; true; FileStream; (System.String,System.IO.FileMode); ; Argument[0]; Argument[this]; taint; manual | +| 25 | Summary: 
System.IO; StreamReader; true; StreamReader; (System.IO.Stream,System.Text.Encoding); ; Argument[0]; Argument[this]; taint; manual | | 26 | Summary: System.IO; TextReader; true; ReadLine; (); ; Argument[this]; ReturnValue; taint; manual | -| 27 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | -| 28 | Summary: System; String; false; Trim; (); ; Argument[this]; ReturnValue; taint; manual | +| 27 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 28 | Summary: System; String; true; Trim; (); ; Argument[this]; ReturnValue; taint; manual | nodes | SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader | | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | semmle.label | call to method ExecuteReader : SqlDataReader | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected index 2cb812051c60..25d62d2856ed 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected 
@@ -21,7 +21,7 @@ edges | LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | provenance | MaD:2 | | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | LDAPInjection.cs:41:63:41:106 | ... + ... | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | | 2 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | nodes | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | semmle.label | access to local variable userName : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected index f4f952d0f0ff..9d96d9aeabbb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected 
@@ -6,7 +6,7 @@ edges | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:1 | | Test.cs:8:27:8:65 | access to indexer : String | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Test.cs:8:12:8:23 | access to local variable employeeName : String | semmle.label | access to local variable employeeName : String | | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected index d12803909c86..922261d04109 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected 
@@ -9,7 +9,7 @@ edges | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:1 | | CodeInjection.cs:23:23:23:53 | access to indexer : String | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | CodeInjection.cs:23:16:23:19 | access to local variable code : String | semmle.label | access to local variable code : String | | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected index 395b711e5478..d450bfbcbaf8 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected 
@@ -9,7 +9,7 @@ edges | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | provenance | | | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | semmle.label | access to local variable userName : String | | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected index 2477cd600e0f..a91727751ecb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected 
@@ -17,8 +17,8 @@ edges | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:2 | | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:2 | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | -| 2 | Summary: System.IO; StringReader; false; StringReader; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 2 | Summary: System.IO; StringReader; true; StringReader; (System.String); ; Argument[0]; Argument[this]; taint; manual | nodes | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String | | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected index 14e45fbcd9a7..1a50fdf6e64f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected 
@@ -6,7 +6,7 @@ edges | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:1 | | Test.cs:7:26:7:63 | access to indexer : String | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Test.cs:7:12:7:22 | access to local variable libraryName : String | semmle.label | access to local variable libraryName : String | | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index f817ebd27b03..dbda9d772b61 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected 
@@ -12,7 +12,7 @@ edges | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | LogForging.cs:18:16:18:23 | access to local variable username : String | semmle.label | access to local variable username : String | | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected index 6c70f8450b2e..4a86c940e456 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected 
@@ -17,8 +17,8 @@ edges | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:2 | | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | | models -| 1 | Source: System; Console; false; ReadLine; ; ; ReturnValue; stdin; manual | -| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Source: System; Console; true; ReadLine; ; ; ReturnValue; stdin; manual | +| 2 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | semmle.label | access to local variable format : String | | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | semmle.label | call to method ReadLine : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected index f6fedad600ab..fde1b5d05672 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected 
@@ -17,8 +17,8 @@ edges | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | provenance | | | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | provenance | | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 2 | Summary: System.ComponentModel; PropertyDescriptorCollection; false; get_Item; (System.Object); ; Argument[this].Element; ReturnValue; value; manual | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 2 | Summary: System.ComponentModel; PropertyDescriptorCollection; true; get_Item; (System.Object); ; Argument[this].Element; ReturnValue; value; manual | nodes | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | semmle.label | access to local variable password | | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | semmle.label | call to method ToString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected index f7015f6e9ba4..af5b49a51c1f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected 
@@ -14,8 +14,8 @@ edges | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:1 | | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | MaD:2 Sink:MaD:1 | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 2 | Summary: System; Exception; false; ToString; (); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 2 | Summary: System; Exception; true; ToString; (); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | semmle.label | access to local variable ex : Exception | | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | semmle.label | call to method ToString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected index f1cb229f93a4..eb8381dee1c9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected 
@@ -23,9 +23,9 @@ edges | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | provenance | | models | 1 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | -| 2 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | -| 3 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 4 | Summary: System; String; false; ToString; (); ; Argument[this]; ReturnValue; value; manual | +| 2 | Summary: System.Text; StringBuilder; true; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 3 | Summary: System.Text; StringBuilder; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 4 | Summary: System; String; true; ToString; (); ; Argument[this]; ReturnValue; value; manual | nodes | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | semmle.label | call to method InsecureRandomString | | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | semmle.label | call to method InsecureRandomStringFromSelection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected index 37cba1c28bff..bd1c1939d65e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected 
@@ -27,9 +27,9 @@ edges | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:3 | | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:2 | models -| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Summary: System.IO; MemoryStream; true; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual | | 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual | -| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 3 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream | | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected index d63b7070311c..c66450230483 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected 
@@ -5,7 +5,7 @@ edges | Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:1 | | Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:1 | models -| 1 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 1 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | Test.cs:9:46:9:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox | | Test.cs:9:46:9:54 | access to property Text | semmle.label | access to property Text | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected index e7fced7fde3f..02253298fdb9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected 
@@ -49,11 +49,11 @@ edges | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | provenance | | | UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:5 | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | -| 2 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual | -| 3 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[1]; ReturnValue; taint; manual | -| 4 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[2]; ReturnValue; taint; manual | -| 5 | Summary: System; Uri; false; Uri; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 2 | Summary: System; String; true; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual | +| 3 | Summary: System; String; true; Format; (System.String,System.Object,System.Object); ; Argument[1]; ReturnValue; taint; manual | +| 4 | Summary: System; String; true; Format; (System.String,System.Object,System.Object); ; Argument[2]; ReturnValue; taint; manual | +| 5 | Summary: System; Uri; true; Uri; (System.String); ; Argument[0]; Argument[this]; taint; manual | nodes | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | | UrlRedirect2.cs:14:31:14:61 | access to indexer | semmle.label | access to indexer | 
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected index 22a96ba9dbe5..4b00e61a4b30 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected @@ -4,7 +4,7 @@ edges | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | provenance | | | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | provenance | MaD:1 | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | | Test.cs:11:50:11:84 | access to indexer | semmle.label | access to indexer | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected index 6e302ea05c8f..9ce72f9737bd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected 
@@ -43,7 +43,7 @@ edges | XPathInjection.cs:79:35:79:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:79:35:79:61 | call to method GetString : String | provenance | MaD:2 | | XPathInjection.cs:79:35:79:61 | call to method GetString : String | XPathInjection.cs:79:24:79:31 | access to local variable password : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | | 2 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | nodes | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | semmle.label | access to local variable userName : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected index de0a0f183e57..6310597cf2b7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected 
@@ -14,7 +14,7 @@ edges | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:1 | | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected index 58af96929ff7..fd6303de650d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected 
@@ -5,7 +5,7 @@ edges | ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:1 | | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | | ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected index 2385d5b212d6..3af7daa80226 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected 
@@ -6,7 +6,7 @@ edges | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:1 | | RegexInjection.cs:10:24:10:55 | access to indexer : String | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | semmle.label | access to local variable regex : String | | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected index 6890fb686a04..97c204c8138b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected 
@@ -34,9 +34,9 @@ edges | ConditionalBypass.cs:84:13:84:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | provenance | MaD:3 | | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | ConditionalBypass.cs:84:13:84:40 | ... == ... | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | -| 2 | Summary: System.Net; IPHostEntry; false; get_HostName; (); ; Argument[this]; ReturnValue; taint; manual | -| 3 | Summary: System.Web; HttpCookie; false; get_Value; (); ; Argument[this]; ReturnValue; taint; manual | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 2 | Summary: System.Net; IPHostEntry; true; get_HostName; (); ; Argument[this]; ReturnValue; taint; manual | +| 3 | Summary: System.Web; HttpCookie; true; get_Value; (); ; Argument[this]; ReturnValue; taint; manual | nodes | ConditionalBypass.cs:12:16:12:22 | access to local variable isAdmin : String | semmle.label | access to local variable isAdmin : String | | ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected index 391c513ed0f6..81be1b5b8e53 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected 
@@ -28,9 +28,9 @@ edges | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:14:17:14:21 | access to local variable query : String | provenance | | | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | provenance | | models -| 1 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 3 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual | +| 1 | Sink: System.Data.SqlClient; SqlDataAdapter; true; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 3 | Summary: System; String; true; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual | nodes | HtmlEncode.cs:10:28:10:65 | ... + ... | semmle.label | ... + ... | | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | semmle.label | call to method UrlEncode : String |