From ca5b51b8543b03073f9cf163123cbf3dddf23ae2 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 21 Nov 2024 16:25:19 +0100 Subject: [PATCH 1/3] C#: Ignore the content of the subtypes column for MaD models and default it to true. --- .../csharp/dataflow/internal/ExternalFlow.qll | 31 ++++++++++++++++++- .../dataflow/internal/FlowSummaryImpl.qll | 7 +++-- .../utils/modelconverter/InterpretModel.qll | 1 + 3 files changed, 36 insertions(+), 3 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll index ccc0a333b9e7..a68d761588e7 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll @@ -88,7 +88,7 @@ */ import csharp -import ExternalFlowExtensions +private import ExternalFlowExtensions as ExternalFlowExtensions private import DataFlowDispatch private import DataFlowPrivate private import DataFlowPublic 
@@ -102,6 +102,35 @@ private import semmle.code.csharp.frameworks.System private import codeql.dataflow.internal.AccessPathSyntax as AccessPathSyntax private import codeql.mad.ModelValidation as SharedModelVal +private predicate sourceModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string output, string kind, string provenance, QlBuiltins::ExtensionId madId +) { + subtypes = true and + ExternalFlowExtensions::sourceModel(namespace, type, _, name, signature, ext, output, kind, + provenance, madId) +} + +private predicate sinkModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string kind, string provenance, QlBuiltins::ExtensionId madId +) { + subtypes = true and + ExternalFlowExtensions::sinkModel(namespace, type, _, name, signature, ext, input, kind, + provenance, madId) +} + +private predicate summaryModel( + string namespace, string type, boolean subtypes, string name, string signature, string ext, + string input, string output, string kind, string provenance, QlBuiltins::ExtensionId madId +) { + subtypes = true and + ExternalFlowExtensions::summaryModel(namespace, type, _, name, signature, ext, input, output, + kind, provenance, madId) +} + +private predicate neutralModel = ExternalFlowExtensions::neutralModel/6; + /** * Holds if the given extension tuple `madId` should pretty-print as `model`. * diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index d777566a336a..9a768e7fe958 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll 
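Review bot: The wrappers `sourceModel`, `sinkModel` and `summaryModel` added in ExternalFlow.qll (hunk `@@ -102,6 +102,35 @@`) have no QLDoc, so nothing at the definition says that the extension row's `subtypes` column is deliberately discarded (`_`) and replaced by `subtypes = true`. Presumably a row written with `subtypes` set to `false`, to pin a source, sink or summary to one exact type, will now also apply to overrides in subtypes. That changes which flows the security queries report, so it should be stated where the decision is made. I would put a comment above each wrapper, for example `/** Same as ExternalFlowExtensions::sourceModel, except that the row's subtypes column is ignored and subtypes is always true. */`, and a one-line QLDoc on the `neutralModel` alias saying it is forwarded unchanged.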
@@ -11,6 +11,7 @@ private import DataFlowImplSpecific as DataFlowImplSpecific private import DataFlowImplSpecific::Private private import DataFlowImplSpecific::Public private import semmle.code.csharp.Unification +private import semmle.code.csharp.dataflow.internal.ExternalFlowExtensions as ExternalFlowExtensions private import semmle.code.csharp.dataflow.internal.ExternalFlow module Input implements InputSig { @@ -198,7 +199,8 @@ module SourceSinkInterpretationInput implements string namespace, string type, boolean subtypes, string name, string signature, string ext, QlBuiltins::ExtensionId madId | - sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance, madId) and + ExternalFlowExtensions::sourceModel(namespace, type, _, name, signature, ext, output, kind, + provenance, madId) and model = "MaD:" + madId.toString() and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) @@ -211,7 +213,8 @@ module SourceSinkInterpretationInput implements string namespace, string type, boolean subtypes, string name, string signature, string ext, QlBuiltins::ExtensionId madId | - sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance, madId) and + ExternalFlowExtensions::sinkModel(namespace, type, _, name, signature, ext, input, kind, + provenance, madId) and model = "MaD:" + madId.toString() and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) diff --git a/csharp/ql/src/utils/modelconverter/InterpretModel.qll b/csharp/ql/src/utils/modelconverter/InterpretModel.qll index 3bbffe7fe676..c43bf32e7479 100644 --- a/csharp/ql/src/utils/modelconverter/InterpretModel.qll +++ b/csharp/ql/src/utils/modelconverter/InterpretModel.qll @@ -1,4 +1,5 @@ import csharp +import semmle.code.csharp.dataflow.internal.ExternalFlowExtensions import semmle.code.csharp.dataflow.internal.ExternalFlow bindingset[namespace0, type0, name0, signature0] 
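Review bot: In FlowSummaryImpl.qll, hunks `@@ -198,7 +199,8 @@` and `@@ -211,7 +213,8 @@`, the new calls pass `_` for the subtypes column, yet the `boolean subtypes` declared in the `exists` is still handed to `interpretElement(namespace, type, subtypes, name, signature, ext)`. Nothing visible in either hunk constrains it any more. The matched elements then depend on how `interpretElement` handles both boolean values rather than on an explicit default, unlike the ExternalFlow.qll wrappers, which set `subtypes = true`. I would either add `subtypes = true and` ahead of the model call or drop the variable and write `e = interpretElement(namespace, type, true, name, signature, ext)`. Both enclosing predicates begin and end outside the hunks, so this should be checked against the full bodies.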
From 627d3d4b33df6ad70710e5f0740402d4b3255129 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Thu, 21 Nov 2024 16:27:16 +0100 Subject: [PATCH 2/3] C#: Update test summaries expected output. --- .../dataflow/library/FlowSummaries.expected | 44 +++++++++++++++++++ .../library/FlowSummariesFiltered.expected | 44 +++++++++++++++++++ 2 files changed, 88 insertions(+) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 7b6e623288f3..150ccbbe4ac0 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -3239,6 +3239,7 @@ summary | Microsoft.SqlServer.Server;SqlDataRecord;get_Item;(System.String);Argument[this];ReturnValue;taint;manual | | Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);Argument[0];ReturnValue;value;dfc-generated | | Microsoft.VisualBasic.FileIO;MalformedLineException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| Microsoft.VisualBasic.FileIO;MalformedLineException;ToString;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;Collection;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | Microsoft.VisualBasic;Collection;CopyTo;(System.Array,System.Int32);Argument[this].Element;Argument[0].Element;value;manual | 
@@ -3381,6 +3382,7 @@ summary | Newtonsoft.Json.Linq;JToken;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Linq;JValue;ToDateTime;(System.IFormatProvider);Argument[this];ReturnValue;value;df-generated | | Newtonsoft.Json.Linq;JValue;ToDecimal;(System.IFormatProvider);Argument[this];ReturnValue;value;df-generated | +| Newtonsoft.Json.Linq;JValue;ToString;();Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Linq;JValue;ToString;(System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | | Newtonsoft.Json.Linq;JValue;ToString;(System.String,System.IFormatProvider);Argument[this];ReturnValue;taint;dfc-generated | | Newtonsoft.Json.Linq;JValue;ToType;(System.Type,System.IFormatProvider);Argument[this];ReturnValue;value;dfc-generated | @@ -4807,6 +4809,7 @@ summary | ServiceStack.Script;Lisp+Interpreter;Def;(System.String,System.Int32,ServiceStack.Script.Lisp+BuiltInFuncBody);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;Lisp+Interpreter;Def;(System.String,System.Int32,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;Lisp+Sym;New;(System.String,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | +| ServiceStack.Script;LispEvalException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Script;PageFormat;set_EncodeValue;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;PageFormat;set_OnExpressionException;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;PageFormat;set_OnViewException;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -4918,6 +4921,7 @@ summary | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Byte[],System.Int32,System.Int32);Argument[this];Argument[0].Element;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;Read;(System.Span);Argument[this];Argument[0].Element;taint;manual | +| ServiceStack.Text;RecyclableMemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;Write;(System.Byte[],System.Int32,System.Int32);Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | @@ -5365,6 +5369,7 @@ summary | ServiceStack;IEventSubscription;set_OnUnsubscribe;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;IEventSubscription;set_OnUnsubscribeAsync;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;IServerEvents;QueueAsyncTask;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| ServiceStack;InfoException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack;Inspect+Config;set_DumpTableFilter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;Inspect+Config;set_VarsFilter;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;InstanceMapper;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -5581,6 +5586,7 @@ summary | ServiceStack;UploadLocation;set_ValidateUpload;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;UrlExtensions;ToUrl;(System.Object,System.String,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack;UrlResolverDelegate;BeginInvoke;(ServiceStack.IServiceClientMeta,System.String,System.String,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | +| ServiceStack;WebServiceException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack;WebServiceException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | ServiceStack;WriteComplexTypeDelegate;BeginInvoke;(System.IO.TextWriter,System.String,System.Object,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | ServiceStack;X;Apply;(T,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -8461,6 +8467,7 @@ summary | System.ComponentModel;VersionConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2];ReturnValue;taint;dfc-generated | | System.ComponentModel;WarningException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | System.ComponentModel;Win32Exception;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.ComponentModel;Win32Exception;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamName;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[0];ReturnValue;taint;dfc-generated | | System.Configuration.Internal;DelegatingConfigHost;GetStreamNameForConfigSource;(System.String,System.String);Argument[1];ReturnValue;taint;dfc-generated | 
@@ -8607,6 +8614,7 @@ summary | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue.SyntheticField[System.Configuration.ConfigXmlWhitespace._filename];value;dfc-generated | | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this];ReturnValue;taint;dfc-generated | +| System.Configuration;ConfigXmlDocument;Load;(System.String);Argument[0];Argument[this];taint;manual | | System.Configuration;ConfigXmlDocument;LoadSingleElement;(System.String,System.Xml.XmlTextReader);Argument[0];Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];value;dfc-generated | | System.Configuration;ConfigXmlDocument;get_Filename;();Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue;value;df-generated | | System.Configuration;ConfigXmlDocument;get_Filename;();Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue;value;dfc-generated | 
@@ -9214,7 +9222,10 @@ summary | System.Data.Entity.Core.EntityClient;EntityConnection;get_ServerVersion;();Argument[this];ReturnValue;taint;df-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetProviderSpecificValue;(System.Int32);Argument[this];ReturnValue;taint;dfc-generated | | System.Data.Entity.Core.EntityClient;EntityDataReader;GetProviderSpecificValues;(System.Object[]);Argument[this];Argument[0].Element;taint;dfc-generated | 
@@ -9706,8 +9717,11 @@ summary | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Keys;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];ReturnValue.Element;value;manual | | System.Data.SqlClient;SqlConnectionStringBuilder;get_Values;();Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue.Element;value;manual | +| System.Data.SqlClient;SqlConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | +| System.Data.SqlClient;SqlConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Data.SqlClient;SqlDataAdapter;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdating;(System.Data.SqlClient.SqlRowUpdatingEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -9731,6 +9745,7 @@ summary | System.Data.SqlClient;SqlErrorCollection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | System.Data.SqlClient;SqlErrorCollection;get_SyncRoot;();Argument[this];ReturnValue;value;dfc-generated | | System.Data.SqlClient;SqlException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.Data.SqlClient;SqlException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data.SqlClient;SqlInfoMessageEventHandler;BeginInvoke;(System.Object,System.Data.SqlClient.SqlInfoMessageEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlParameter;Clone;();Argument[this];ReturnValue;value;dfc-generated | | System.Data.SqlClient;SqlParameterCollection;Add;(System.Object);Argument[0];Argument[this].Element;value;manual | 
@@ -9837,6 +9852,7 @@ summary | System.Data;DBConcurrencyException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | | System.Data;DataColumn;DataColumn;(System.String,System.Type,System.String,System.Data.MappingType);Argument[0];Argument[this];taint;df-generated | | System.Data;DataColumn;DataColumn;(System.String,System.Type,System.String,System.Data.MappingType);Argument[2];Argument[this];taint;df-generated | +| System.Data;DataColumn;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataColumn;get_Table;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataColumnChangeEventArgs;DataColumnChangeEventArgs;(System.Data.DataRow,System.Data.DataColumn,System.Object);Argument[1];Argument[this].SyntheticField[System.Data.DataColumnChangeEventArgs._column];value;dfc-generated | | System.Data;DataColumnChangeEventArgs;get_Column;();Argument[this].SyntheticField[System.Data.DataColumnChangeEventArgs._column];ReturnValue;value;dfc-generated | @@ -9996,6 +10012,7 @@ summary | System.Data;DataTable;Select;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;Select;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;Select;(System.String,System.String,System.Data.DataViewRowState);Argument[this];ReturnValue;taint;df-generated | +| System.Data;DataTable;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;WriteXml;(System.Xml.XmlWriter);Argument[this];Argument[0];taint;df-generated | | System.Data;DataTable;add_ColumnChanged;(System.Data.DataColumnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data;DataTable;add_ColumnChanging;(System.Data.DataColumnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -10511,6 +10528,7 @@ summary | System.Diagnostics;Process;GetProcessById;(System.Int32,System.String);Argument[1];ReturnValue.SyntheticField[System.Diagnostics.Process._machineName];value;dfc-generated | | System.Diagnostics;Process;GetProcesses;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Diagnostics;Process;Start;(System.Diagnostics.ProcessStartInfo);Argument[0];ReturnValue;taint;df-generated | +| System.Diagnostics;Process;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;Process;add_ErrorDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;add_Exited;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;add_OutputDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -10526,7 +10544,10 @@ summary | System.Diagnostics;Process;remove_ErrorDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;remove_Exited;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;remove_OutputDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this].Property[System.Diagnostics.ProcessModule.ModuleName];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModule;ToString;();Argument[this].Property[System.Diagnostics.ProcessModule.ModuleName];ReturnValue;taint;dfc-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this];ReturnValue;taint;dfc-generated | | System.Diagnostics;ProcessModule;get_FileName;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModule;get_ModuleName;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModuleCollection;CopyTo;(System.Diagnostics.ProcessModule[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | 
@@ -10643,6 +10664,7 @@ summary | System.Drawing.Printing;MarginsConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2].Element;ReturnValue;taint;dfc-generated | | System.Drawing.Printing;MarginsConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2];ReturnValue;taint;dfc-generated | | System.Drawing.Printing;PageSettings;Clone;();Argument[this];ReturnValue;value;dfc-generated | +| System.Drawing.Printing;PrintDocument;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Drawing.Printing;PrintDocument;add_BeginPrint;(System.Drawing.Printing.PrintEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Drawing.Printing;PrintDocument;add_EndPrint;(System.Drawing.Printing.PrintEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Drawing.Printing;PrintDocument;add_PrintPage;(System.Drawing.Printing.PrintPageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -11225,6 +11247,7 @@ summary | System.IO;DirectoryInfo;EnumerateFiles;(System.String,System.IO.SearchOption);Argument[this];ReturnValue;taint;df-generated | | System.IO;DirectoryInfo;MoveTo;(System.String);Argument[0];Argument[this].Field[System.IO.FileSystemInfo.FullPath];value;dfc-generated | | System.IO;DirectoryInfo;MoveTo;(System.String);Argument[0];Argument[this].Field[System.IO.FileSystemInfo.OriginalPath];value;dfc-generated | +| System.IO;DirectoryInfo;ToString;();Argument[this].Field[System.IO.FileSystemInfo.OriginalPath];ReturnValue;value;dfc-generated | | System.IO;DirectoryInfo;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.IO;DirectoryInfo;get_Parent;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue.Field[System.IO.FileSystemInfo.FullPath];value;dfc-generated | | System.IO;DirectoryInfo;get_Parent;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue.Field[System.IO.FileSystemInfo.OriginalPath];value;dfc-generated | 
@@ -11281,8 +11304,10 @@ summary | System.IO;FileInfo;get_DirectoryName;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue;value;dfc-generated | | System.IO;FileInfo;get_Name;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileLoadException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.IO;FileLoadException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileLoadException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.IO;FileNotFoundException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.IO;FileNotFoundException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileNotFoundException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;manual | | System.IO;FileStream;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);Argument[this];Argument[0].Element;taint;manual | 
@@ -13391,6 +13416,8 @@ summary | System.Net.Http.Headers;NameValueHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;get_Name;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;NameValueWithParametersHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | +| System.Net.Http.Headers;NameValueWithParametersHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | +| System.Net.Http.Headers;NameValueWithParametersHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];ReturnValue.SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._version];ReturnValue.SyntheticField[System.Net.Http.Headers.ProductHeaderValue._version];value;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this];ReturnValue;value;dfc-generated | 
@@ -14552,6 +14579,7 @@ summary | System.Reflection.Emit;GenericTypeParameterBuilder;MakeGenericType;(System.Type[]);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;MakePointerType;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;SetInterfaceConstraintsCore;(System.Type[]);Argument[0].Element;Argument[this];taint;df-generated | +| System.Reflection.Emit;GenericTypeParameterBuilder;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;get_Assembly;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;get_AssemblyQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;get_BaseType;();Argument[this];ReturnValue;taint;df-generated | @@ -14708,6 +14736,7 @@ summary | System.Reflection.Emit;TypeBuilder;MakeByRefType;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;MakeGenericType;(System.Type[]);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;MakePointerType;();Argument[this];ReturnValue;taint;df-generated | +| System.Reflection.Emit;TypeBuilder;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;get_Assembly;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;get_AssemblyQualifiedName;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;get_BaseType;();Argument[this];ReturnValue;taint;df-generated | 
@@ -15331,6 +15360,7 @@ summary | System.Reflection;ReflectionContext;MapAssembly;(System.Reflection.Assembly);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionContext;MapType;(System.Reflection.TypeInfo);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionTypeLoadException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.Reflection;ReflectionTypeLoadException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;ReflectionTypeLoadException;get_Message;();Argument[this].Property[System.Exception.Message];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionTypeLoadException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.Reflection;RuntimeReflectionExtensions;GetMethodInfo;(System.Delegate);Argument[0].Property[System.Delegate.Method];ReturnValue;value;dfc-generated | 
@@ -15627,6 +15657,7 @@ summary | System.Runtime.InteropServices;ArrayWithOffset;GetArray;();Argument[this].SyntheticField[System.Runtime.InteropServices.ArrayWithOffset.m_array];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;CLong;CLong;(System.IntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.CLong._value];value;dfc-generated | | System.Runtime.InteropServices;CLong;get_Value;();Argument[this].SyntheticField[System.Runtime.InteropServices.CLong._value];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;COMException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;CULong;CULong;(System.UIntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.CULong._value];value;dfc-generated | | System.Runtime.InteropServices;CULong;get_Value;();Argument[this].SyntheticField[System.Runtime.InteropServices.CULong._value];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;CollectionsMarshal;AsSpan;(System.Collections.Generic.List);Argument[0].Element;ReturnValue;taint;df-generated | 
@@ -15640,6 +15671,7 @@ summary | System.Runtime.InteropServices;CriticalHandle;CriticalHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.CriticalHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;CriticalHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.CriticalHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;DllImportResolver;BeginInvoke;(System.String,System.Reflection.Assembly,System.Nullable,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | +| System.Runtime.InteropServices;ExternalException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;GCHandle;FromIntPtr;(System.IntPtr);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.GCHandle._handle];value;dfc-generated | | System.Runtime.InteropServices;GCHandle;ToIntPtr;(System.Runtime.InteropServices.GCHandle);Argument[0].SyntheticField[System.Runtime.InteropServices.GCHandle._handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;HandleRef;HandleRef;(System.Object,System.IntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.HandleRef._wrapper];value;dfc-generated | 
@@ -15954,8 +15986,12 @@ summary | System.Security.Cryptography.X509Certificates;X509AuthorityKeyIdentifierExtension;get_SerialNumber;();Argument[this];ReturnValue;taint;df-generated | | System.Security.Cryptography.X509Certificates;X509BasicConstraintsExtension;CopyFrom;(System.Security.Cryptography.AsnEncodedData);Argument[0].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData].Element;Argument[this].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData].Element;value;dfc-generated | | System.Security.Cryptography.X509Certificates;X509BasicConstraintsExtension;CopyFrom;(System.Security.Cryptography.AsnEncodedData);Argument[0].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData];Argument[this].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData];value;dfc-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Issuer];ReturnValue;taint;df-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Issuer];ReturnValue;taint;dfc-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Subject];ReturnValue;taint;df-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Subject];ReturnValue;taint;dfc-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this];ReturnValue;taint;dfc-generated | | 
System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;(System.Boolean);Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Issuer];ReturnValue;taint;dfc-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;(System.Boolean);Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Subject];ReturnValue;taint;dfc-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;get_Extensions;();Argument[this];ReturnValue;taint;df-generated | @@ -16571,6 +16607,7 @@ summary | System.Security;CodeAccessPermission;Intersect;(System.Security.IPermission);Argument[0];ReturnValue;value;dfc-generated | | System.Security;CodeAccessPermission;Union;(System.Security.IPermission);Argument[this];ReturnValue;taint;df-generated | | System.Security;HostProtectionException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.Security;HostProtectionException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Security;IPermission;Copy;();Argument[this];ReturnValue;value;dfc-generated | | System.Security;IPermission;Intersect;(System.Security.IPermission);Argument[0];ReturnValue;value;dfc-generated | | System.Security;IPermission;Union;(System.Security.IPermission);Argument[this];ReturnValue;taint;df-generated | 
@@ -16594,6 +16631,7 @@ summary | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._tag];ReturnValue;taint;dfc-generated | | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._text];ReturnValue;taint;dfc-generated | | System.Security;SecurityException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System.Security;SecurityException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.ServiceProcess;ServiceControllerPermissionEntryCollection;OnInsert;(System.Int32,System.Object);Argument[1];Argument[this];taint;df-generated | | System.ServiceProcess;ServiceControllerPermissionEntryCollection;OnSet;(System.Int32,System.Object,System.Object);Argument[2];Argument[this];taint;df-generated | | System.Text.Encodings.Web;TextEncoder;Encode;(System.IO.TextWriter,System.Char[],System.Int32,System.Int32);Argument[1].Element;Argument[0];taint;df-generated | 
@@ -19272,6 +19310,10 @@ summary | System.Xml;XmlDataDocument;GetElementFromRow;(System.Data.DataRow);Argument[0];ReturnValue;taint;df-generated | | System.Xml;XmlDataDocument;GetElementsByTagName;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml;XmlDataDocument;GetRowFromElement;(System.Xml.XmlElement);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Xml;XmlDataDocument;Load;(System.IO.Stream);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.IO.TextReader);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.String);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.Xml.XmlReader);Argument[0];Argument[this];taint;manual | | System.Xml;XmlDataDocument;XmlDataDocument;(System.Data.DataSet);Argument[0];Argument[this].SyntheticField[System.Xml.XmlDataDocument._dataSet];value;dfc-generated | | System.Xml;XmlDataDocument;get_DataSet;();Argument[this].SyntheticField[System.Xml.XmlDataDocument._dataSet];ReturnValue;value;dfc-generated | | System.Xml;XmlDeclaration;CloneNode;(System.Boolean);Argument[this];ReturnValue;taint;df-generated | 
@@ -20106,6 +20148,7 @@ summary | System;AggregateException;Handle;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System;AggregateException;Handle;(System.Func);Argument[this].SyntheticField[System.AggregateException._innerExceptions].Element;Argument[0].Parameter[0];value;dfc-generated | | System;AggregateException;Handle;(System.Func);Argument[this].SyntheticField[System.AggregateException._innerExceptions].Element;Argument[0].Parameter[0];value;hq-generated | +| System;AggregateException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System;AggregateException;get_Message;();Argument[this].Property[System.Exception.Message];ReturnValue;value;dfc-generated | | System;AggregateException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System;AppDomain;ApplyPolicy;(System.String);Argument[0];ReturnValue;value;dfc-generated | 
@@ -20249,6 +20292,7 @@ summary | System;BadImageFormatException;BadImageFormatException;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.BadImageFormatException._fileName];value;dfc-generated | | System;BadImageFormatException;BadImageFormatException;(System.String,System.String,System.Exception);Argument[1];Argument[this].SyntheticField[System.BadImageFormatException._fileName];value;dfc-generated | | System;BadImageFormatException;GetObjectData;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[this];Argument[0];taint;df-generated | +| System;BadImageFormatException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System;BadImageFormatException;get_FileName;();Argument[this].SyntheticField[System.BadImageFormatException._fileName];ReturnValue;value;dfc-generated | | System;BadImageFormatException;get_FusionLog;();Argument[this].SyntheticField[System.BadImageFormatException._fusionLog];ReturnValue;value;dfc-generated | | System;BadImageFormatException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 6fb375dae859..6f927b095101 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected 
@@ -1988,6 +1988,7 @@ | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[1];ReturnValue;taint;manual | | Microsoft.Extensions.Primitives;StringValues;set_Item;(System.Int32,System.String);Argument[this];ReturnValue;taint;manual | | Microsoft.VisualBasic.CompilerServices;StringType;MidStmtStr;(System.String,System.Int32,System.Int32,System.String);Argument[0];ReturnValue;value;dfc-generated | +| Microsoft.VisualBasic.FileIO;MalformedLineException;ToString;();Argument[this];ReturnValue;taint;df-generated | | Microsoft.VisualBasic;Collection;Clear;();Argument[this].WithoutElement;Argument[this];value;manual | | Microsoft.VisualBasic;Collection;GetEnumerator;();Argument[this].Element;ReturnValue.Property[System.Collections.IEnumerator.Current];value;manual | | Microsoft.VisualBasic;Collection;get_Item;(System.Int32);Argument[this].Element;ReturnValue;value;manual | @@ -2064,6 +2065,7 @@ | Newtonsoft.Json.Linq;JToken;SelectToken;(System.String,System.Boolean);Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Linq;JToken;ToString;();Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Linq;JToken;ToString;(Newtonsoft.Json.Formatting,Newtonsoft.Json.JsonConverter[]);Argument[this];ReturnValue;taint;manual | +| Newtonsoft.Json.Linq;JValue;ToString;();Argument[this];ReturnValue;taint;manual | | Newtonsoft.Json.Schema;Extensions;Validate;(Newtonsoft.Json.Linq.JToken,Newtonsoft.Json.Schema.JsonSchema,Newtonsoft.Json.Schema.ValidationEventHandler);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | Newtonsoft.Json.Schema;ValidationEventHandler;BeginInvoke;(System.Object,Newtonsoft.Json.Schema.ValidationEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | Newtonsoft.Json.Serialization;ExtensionDataGetter;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -3370,6 +3372,7 @@ | ServiceStack.Script;Lisp+Interpreter;Def;(System.String,System.Int32,ServiceStack.Script.Lisp+BuiltInFuncBody);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;Lisp+Interpreter;Def;(System.String,System.Int32,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;Lisp+Sym;New;(System.String,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | +| ServiceStack.Script;LispEvalException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Script;PageFormat;set_EncodeValue;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;PageFormat;set_OnExpressionException;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Script;PageFormat;set_OnViewException;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -3466,6 +3469,7 @@ | ServiceStack.Text;MemoryProvider;Deserialize;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;MemoryProvider;DeserializeAsync;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStream;GetBuffer;();Argument[this];ReturnValue;taint;df-generated | +| ServiceStack.Text;RecyclableMemoryStream;ToArray;();Argument[this];ReturnValue;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;TryGetBuffer;(System.ArraySegment);Argument[this];ReturnValue;taint;df-generated | | ServiceStack.Text;RecyclableMemoryStream;WriteTo;(System.IO.Stream);Argument[this];Argument[0];taint;df-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+EventHandler;BeginInvoke;(System.AsyncCallback,System.Object);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -3901,6 +3905,7 @@ | ServiceStack;IEventSubscription;set_OnUnsubscribe;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;IEventSubscription;set_OnUnsubscribeAsync;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;IServerEvents;QueueAsyncTask;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| ServiceStack;InfoException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack;Inspect+Config;set_DumpTableFilter;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;Inspect+Config;set_VarsFilter;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;InstanceMapper;BeginInvoke;(System.Object,System.AsyncCallback,System.Object);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -4100,6 +4105,7 @@ | ServiceStack;UploadLocation;set_ValidateUpload;(System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack;UrlExtensions;ToUrl;(System.Object,System.String,System.Func);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack;UrlResolverDelegate;BeginInvoke;(ServiceStack.IServiceClientMeta,System.String,System.String,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | +| ServiceStack;WebServiceException;ToString;();Argument[this];ReturnValue;taint;df-generated | | ServiceStack;WebServiceException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | ServiceStack;WriteComplexTypeDelegate;BeginInvoke;(System.IO.TextWriter,System.String,System.Object,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | ServiceStack;X;Apply;(T,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -6230,6 +6236,7 @@ | System.ComponentModel;VersionConverter;ConvertFrom;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.ComponentModel;VersionConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2].Element;ReturnValue;taint;dfc-generated | | System.ComponentModel;VersionConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2];ReturnValue;taint;dfc-generated | +| System.ComponentModel;Win32Exception;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;IConfigErrorInfo;get_Filename;();Argument[this];ReturnValue;taint;df-generated | | System.Configuration.Internal;IConfigSystem;Init;(System.Type,System.Object[]);Argument[1].Element;Argument[this];taint;df-generated | | System.Configuration.Internal;IConfigSystem;get_Host;();Argument[this];ReturnValue;taint;df-generated | 
@@ -6347,6 +6354,7 @@ | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue.SyntheticField[System.Configuration.ConfigXmlWhitespace._filename];value;dfc-generated | | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Configuration;ConfigXmlDocument;CreateWhitespace;(System.String);Argument[this];ReturnValue;taint;dfc-generated | +| System.Configuration;ConfigXmlDocument;Load;(System.String);Argument[0];Argument[this];taint;manual | | System.Configuration;ConfigXmlDocument;LoadSingleElement;(System.String,System.Xml.XmlTextReader);Argument[0];Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];value;dfc-generated | | System.Configuration;ConfigXmlDocument;get_Filename;();Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue;value;df-generated | | System.Configuration;ConfigXmlDocument;get_Filename;();Argument[this].SyntheticField[System.Configuration.ConfigXmlDocument._filename];ReturnValue;value;dfc-generated | 
@@ -6778,6 +6786,9 @@ | System.Data.Entity.Core.Common;DbCommandDefinition;DbCommandDefinition;(System.Data.Common.DbCommand,System.Func);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Common;DbProviderServices;RegisterInfoMessageHandler;(System.Data.Common.DbConnection,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | +| System.Data.Entity.Core.EntityClient;EntityConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Data.Entity.Core.Metadata.Edm;CsdlSerializer;add_OnError;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Metadata.Edm;CsdlSerializer;remove_OnError;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.Entity.Core.Metadata.Edm;MetadataWorkspace;LoadFromAssembly;(System.Reflection.Assembly,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | 
@@ -7147,12 +7158,16 @@ | System.Data.SqlClient;SqlConnection;add_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnection;remove_InfoMessage;(System.Data.SqlClient.SqlInfoMessageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlConnectionStringBuilder;TryGetValue;(System.String,System.Object);Argument[this];ReturnValue;taint;df-generated | +| System.Data.SqlClient;SqlConnectionStringBuilder;get_Item;(System.String);Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];ReturnValue;value;manual | +| System.Data.SqlClient;SqlConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[0];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key];value;manual | +| System.Data.SqlClient;SqlConnectionStringBuilder;set_Item;(System.String,System.Object);Argument[1];Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value];value;manual | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;add_RowUpdating;(System.Data.SqlClient.SqlRowUpdatingEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;remove_RowUpdated;(System.Data.SqlClient.SqlRowUpdatedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDataAdapter;remove_RowUpdating;(System.Data.SqlClient.SqlRowUpdatingEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlDependency;add_OnChange;(System.Data.SqlClient.OnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | 
System.Data.SqlClient;SqlDependency;remove_OnChange;(System.Data.SqlClient.OnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| System.Data.SqlClient;SqlException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data.SqlClient;SqlInfoMessageEventHandler;BeginInvoke;(System.Object,System.Data.SqlClient.SqlInfoMessageEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlRowUpdatedEventHandler;BeginInvoke;(System.Object,System.Data.SqlClient.SqlRowUpdatedEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Data.SqlClient;SqlRowUpdatingEventHandler;BeginInvoke;(System.Object,System.Data.SqlClient.SqlRowUpdatingEventArgs,System.AsyncCallback,System.Object);Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | 
@@ -7211,6 +7226,7 @@ | System.Data;DBConcurrencyException;DBConcurrencyException;(System.String,System.Exception,System.Data.DataRow[]);Argument[2];Argument[this].SyntheticField[System.Data.DBConcurrencyException._dataRows];value;dfc-generated | | System.Data;DataColumn;DataColumn;(System.String,System.Type,System.String,System.Data.MappingType);Argument[0];Argument[this];taint;df-generated | | System.Data;DataColumn;DataColumn;(System.String,System.Type,System.String,System.Data.MappingType);Argument[2];Argument[this];taint;df-generated | +| System.Data;DataColumn;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataColumn;get_Table;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataColumnChangeEventArgs;DataColumnChangeEventArgs;(System.Data.DataRow,System.Data.DataColumn,System.Object);Argument[1];Argument[this].SyntheticField[System.Data.DataColumnChangeEventArgs._column];value;dfc-generated | | System.Data;DataColumnChangeEventArgs;get_Column;();Argument[this].SyntheticField[System.Data.DataColumnChangeEventArgs._column];ReturnValue;value;dfc-generated | 
@@ -7353,6 +7369,7 @@ | System.Data;DataTable;Select;(System.String);Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;Select;(System.String,System.String);Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;Select;(System.String,System.String,System.Data.DataViewRowState);Argument[this];ReturnValue;taint;df-generated | +| System.Data;DataTable;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Data;DataTable;add_ColumnChanged;(System.Data.DataColumnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data;DataTable;add_ColumnChanging;(System.Data.DataColumnChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Data;DataTable;add_RowChanged;(System.Data.DataRowChangeEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | @@ -7758,6 +7775,7 @@ | System.Diagnostics;Process;GetProcessById;(System.Int32,System.String);Argument[1];ReturnValue.SyntheticField[System.Diagnostics.Process._machineName];value;dfc-generated | | System.Diagnostics;Process;GetProcesses;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Diagnostics;Process;Start;(System.Diagnostics.ProcessStartInfo);Argument[0];ReturnValue;taint;df-generated | +| System.Diagnostics;Process;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;Process;add_ErrorDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;add_Exited;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;add_OutputDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -7773,7 +7791,10 @@ | System.Diagnostics;Process;remove_ErrorDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;remove_Exited;(System.EventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Diagnostics;Process;remove_OutputDataReceived;(System.Diagnostics.DataReceivedEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this].Property[System.Diagnostics.ProcessModule.ModuleName];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModule;ToString;();Argument[this].Property[System.Diagnostics.ProcessModule.ModuleName];ReturnValue;taint;dfc-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this];ReturnValue;taint;df-generated | +| System.Diagnostics;ProcessModule;ToString;();Argument[this];ReturnValue;taint;dfc-generated | | System.Diagnostics;ProcessModule;get_FileName;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModule;get_ModuleName;();Argument[this];ReturnValue;taint;df-generated | | System.Diagnostics;ProcessModuleCollection;CopyTo;(System.Diagnostics.ProcessModule[],System.Int32);Argument[this].Element;Argument[0].Element;value;manual | 
@@ -7850,6 +7871,7 @@ | System.Drawing.Printing;MarginsConverter;ConvertFrom;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object);Argument[2];ReturnValue;value;dfc-generated | | System.Drawing.Printing;MarginsConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2].Element;ReturnValue;taint;dfc-generated | | System.Drawing.Printing;MarginsConverter;ConvertTo;(System.ComponentModel.ITypeDescriptorContext,System.Globalization.CultureInfo,System.Object,System.Type);Argument[2];ReturnValue;taint;dfc-generated | +| System.Drawing.Printing;PrintDocument;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Drawing.Printing;PrintDocument;add_BeginPrint;(System.Drawing.Printing.PrintEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Drawing.Printing;PrintDocument;add_EndPrint;(System.Drawing.Printing.PrintEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Drawing.Printing;PrintDocument;add_PrintPage;(System.Drawing.Printing.PrintPageEventHandler);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | 
@@ -8263,6 +8285,7 @@ | System.IO;DirectoryInfo;EnumerateFiles;(System.String,System.IO.SearchOption);Argument[this];ReturnValue;taint;df-generated | | System.IO;DirectoryInfo;MoveTo;(System.String);Argument[0];Argument[this].Field[System.IO.FileSystemInfo.FullPath];value;dfc-generated | | System.IO;DirectoryInfo;MoveTo;(System.String);Argument[0];Argument[this].Field[System.IO.FileSystemInfo.OriginalPath];value;dfc-generated | +| System.IO;DirectoryInfo;ToString;();Argument[this].Field[System.IO.FileSystemInfo.OriginalPath];ReturnValue;value;dfc-generated | | System.IO;DirectoryInfo;get_Parent;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue.Field[System.IO.FileSystemInfo.FullPath];value;dfc-generated | | System.IO;DirectoryInfo;get_Parent;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue.Field[System.IO.FileSystemInfo.OriginalPath];value;dfc-generated | | System.IO;DriveInfo;DriveInfo;(System.String);Argument[0];Argument[this].SyntheticField[System.IO.DriveInfo._name];value;dfc-generated | 
@@ -8315,7 +8338,9 @@ | System.IO;FileInfo;OpenWrite;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue;taint;dfc-generated | | System.IO;FileInfo;get_Directory;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileInfo;get_DirectoryName;();Argument[this].Field[System.IO.FileSystemInfo.FullPath];ReturnValue;value;dfc-generated | +| System.IO;FileLoadException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileLoadException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | +| System.IO;FileNotFoundException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.IO;FileNotFoundException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.IO;FileStream;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess,System.Int32);Argument[this];Argument[this].SyntheticField[System.IO.FileStream._strategy].SyntheticField[System.IO.Strategies.DerivedFileStreamStrategy._fileStream];value;dfc-generated | | System.IO;FileStream;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess,System.Int32,System.Boolean);Argument[this];Argument[this].SyntheticField[System.IO.FileStream._strategy].SyntheticField[System.IO.Strategies.DerivedFileStreamStrategy._fileStream];value;dfc-generated | 
@@ -10217,6 +10242,8 @@ | System.Net.Http.Headers;NameValueHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;NameValueHeaderValue;get_Name;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | +| System.Net.Http.Headers;NameValueWithParametersHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._name];ReturnValue;value;dfc-generated | +| System.Net.Http.Headers;NameValueWithParametersHeaderValue;ToString;();Argument[this].SyntheticField[System.Net.Http.Headers.NameValueHeaderValue._value];ReturnValue;taint;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];ReturnValue.SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];value;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;Clone;();Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._version];ReturnValue.SyntheticField[System.Net.Http.Headers.ProductHeaderValue._version];value;dfc-generated | | System.Net.Http.Headers;ProductHeaderValue;ProductHeaderValue;(System.String,System.String);Argument[0];Argument[this].SyntheticField[System.Net.Http.Headers.ProductHeaderValue._name];value;dfc-generated | 
@@ -10992,6 +11019,7 @@ | System.Reflection.Emit;FieldBuilder;SetConstantCore;(System.Object);Argument[0];Argument[this];taint;df-generated | | System.Reflection.Emit;FieldBuilder;SetCustomAttributeCore;(System.Reflection.ConstructorInfo,System.ReadOnlySpan);Argument[1];Argument[this];taint;df-generated | | System.Reflection.Emit;GenericTypeParameterBuilder;SetInterfaceConstraintsCore;(System.Type[]);Argument[0].Element;Argument[this];taint;df-generated | +| System.Reflection.Emit;GenericTypeParameterBuilder;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;ILGenerator;DeclareLocal;(System.Type);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;ILGenerator;DeclareLocal;(System.Type,System.Boolean);Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Emit;LocalBuilder;get_LocalType;();Argument[this];ReturnValue;taint;df-generated | @@ -11079,6 +11107,7 @@ | System.Reflection.Emit;TypeBuilder;GetConstructor;(System.Type,System.Reflection.ConstructorInfo);Argument[1];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;GetField;(System.Type,System.Reflection.FieldInfo);Argument[1];ReturnValue;taint;df-generated | | System.Reflection.Emit;TypeBuilder;GetMethod;(System.Type,System.Reflection.MethodInfo);Argument[1];ReturnValue;taint;df-generated | +| System.Reflection.Emit;TypeBuilder;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection.Metadata.Ecma335;BlobEncoder;CustomAttributeSignature;(System.Action,System.Action);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System.Reflection.Metadata.Ecma335;BlobEncoder;CustomAttributeSignature;(System.Action,System.Action);Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Reflection.Metadata.Ecma335;CustomModifiersEncoder;AddModifier;(System.Reflection.Metadata.EntityHandle,System.Boolean);Argument[this];ReturnValue;value;dfc-generated | 
@@ -11568,6 +11597,7 @@ | System.Reflection;PropertyInfoExtensions;GetSetMethod;(System.Reflection.PropertyInfo,System.Boolean);Argument[0];ReturnValue;taint;df-generated | | System.Reflection;ReflectionContext;MapAssembly;(System.Reflection.Assembly);Argument[0];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionContext;MapType;(System.Reflection.TypeInfo);Argument[0];ReturnValue;value;dfc-generated | +| System.Reflection;ReflectionTypeLoadException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Reflection;ReflectionTypeLoadException;get_Message;();Argument[this].Property[System.Exception.Message];ReturnValue;value;dfc-generated | | System.Reflection;ReflectionTypeLoadException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System.Reflection;RuntimeReflectionExtensions;GetMethodInfo;(System.Delegate);Argument[0].Property[System.Delegate.Method];ReturnValue;value;dfc-generated | 
@@ -11803,12 +11833,14 @@ | System.Runtime.InteropServices;ArrayWithOffset;GetArray;();Argument[this].SyntheticField[System.Runtime.InteropServices.ArrayWithOffset.m_array];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;CLong;CLong;(System.IntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.CLong._value];value;dfc-generated | | System.Runtime.InteropServices;CLong;get_Value;();Argument[this].SyntheticField[System.Runtime.InteropServices.CLong._value];ReturnValue;value;dfc-generated | +| System.Runtime.InteropServices;COMException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Runtime.InteropServices;CULong;CULong;(System.UIntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.CULong._value];value;dfc-generated | | System.Runtime.InteropServices;CULong;get_Value;();Argument[this].SyntheticField[System.Runtime.InteropServices.CULong._value];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;CollectionsMarshal;AsSpan;(System.Collections.Generic.List);Argument[0].Element;ReturnValue;taint;df-generated | | System.Runtime.InteropServices;CriticalHandle;CriticalHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.CriticalHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;CriticalHandle;SetHandle;(System.IntPtr);Argument[0];Argument[this].Field[System.Runtime.InteropServices.CriticalHandle.handle];value;dfc-generated | | System.Runtime.InteropServices;DllImportResolver;BeginInvoke;(System.String,System.Reflection.Assembly,System.Nullable,System.AsyncCallback,System.Object);Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | +| System.Runtime.InteropServices;ExternalException;ToString;();Argument[this];ReturnValue;taint;df-generated | | 
System.Runtime.InteropServices;GCHandle;FromIntPtr;(System.IntPtr);Argument[0];ReturnValue.SyntheticField[System.Runtime.InteropServices.GCHandle._handle];value;dfc-generated | | System.Runtime.InteropServices;GCHandle;ToIntPtr;(System.Runtime.InteropServices.GCHandle);Argument[0].SyntheticField[System.Runtime.InteropServices.GCHandle._handle];ReturnValue;value;dfc-generated | | System.Runtime.InteropServices;HandleRef;HandleRef;(System.Object,System.IntPtr);Argument[0];Argument[this].SyntheticField[System.Runtime.InteropServices.HandleRef._wrapper];value;dfc-generated | 
@@ -12084,8 +12116,12 @@ | System.Security.Cryptography.X509Certificates;X509AuthorityKeyIdentifierExtension;get_SerialNumber;();Argument[this];ReturnValue;taint;df-generated | | System.Security.Cryptography.X509Certificates;X509BasicConstraintsExtension;CopyFrom;(System.Security.Cryptography.AsnEncodedData);Argument[0].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData].Element;Argument[this].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData].Element;value;dfc-generated | | System.Security.Cryptography.X509Certificates;X509BasicConstraintsExtension;CopyFrom;(System.Security.Cryptography.AsnEncodedData);Argument[0].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData];Argument[this].SyntheticField[System.Security.Cryptography.AsnEncodedData._rawData];value;dfc-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Issuer];ReturnValue;taint;df-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Issuer];ReturnValue;taint;dfc-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Subject];ReturnValue;taint;df-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Subject];ReturnValue;taint;dfc-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;();Argument[this];ReturnValue;taint;dfc-generated | | 
System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;(System.Boolean);Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Issuer];ReturnValue;taint;dfc-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;ToString;(System.Boolean);Argument[this].Property[System.Security.Cryptography.X509Certificates.X509Certificate.Subject];ReturnValue;taint;dfc-generated | | System.Security.Cryptography.X509Certificates;X509Certificate2;get_Extensions;();Argument[this];ReturnValue;taint;df-generated | @@ -12436,6 +12472,7 @@ | System.Security.Principal;WindowsIdentity;get_Claims;();Argument[this].SyntheticField[System.Security.Claims.ClaimsIdentity._instanceClaims].Element;ReturnValue.Element;value;dfc-generated | | System.Security.Principal;WindowsIdentity;get_Claims;();Argument[this].SyntheticField[System.Security.Claims.ClaimsIdentity._instanceClaims];ReturnValue;value;dfc-generated | | System.Security.Principal;WindowsPrincipal;get_Identity;();Argument[this].SyntheticField[System.Security.Claims.ClaimsPrincipal._identities].Element;ReturnValue;value;dfc-generated | +| System.Security;HostProtectionException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Security;IPermission;Copy;();Argument[this];ReturnValue;value;dfc-generated | | System.Security;IPermission;Intersect;(System.Security.IPermission);Argument[0];ReturnValue;value;dfc-generated | | System.Security;IPermission;Union;(System.Security.IPermission);Argument[this];ReturnValue;taint;df-generated | 
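Review bot: The four added `X509Certificate2;ToString;()` rows in this hunk list the `Issuer` and `Subject` flows twice, once as `df-generated` and once as `dfc-generated`, and add a whole-object `Argument[this];ReturnValue;taint` row under both labels. The `ToString(System.Boolean)` overload directly below still has only its `dfc-generated` property rows, so the new rows look inherited from a base-type model rather than derived for this type; that is an inference from the listing, not something the hunk shows. Please confirm the coarser whole-object taint step is intended here, since it widens what the certificate queries treat as tainted. If the duplicates are only a provenance artefact, I would keep one row per flow, e.g. `…;ToString;();Argument[this];ReturnValue;taint;df-generated`.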
@@ -12455,6 +12492,7 @@ | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._attributes].Element;ReturnValue;taint;dfc-generated | | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._tag];ReturnValue;taint;dfc-generated | | System.Security;SecurityElement;ToString;();Argument[this].SyntheticField[System.Security.SecurityElement._text];ReturnValue;taint;dfc-generated | +| System.Security;SecurityException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System.Text.Encodings.Web;TextEncoder;Encode;(System.IO.TextWriter,System.Char[],System.Int32,System.Int32);Argument[1].Element;Argument[0];taint;df-generated | | System.Text.Encodings.Web;TextEncoder;Encode;(System.IO.TextWriter,System.String);Argument[1];Argument[0];taint;df-generated | | System.Text.Encodings.Web;TextEncoder;Encode;(System.IO.TextWriter,System.String,System.Int32,System.Int32);Argument[1];Argument[0];taint;df-generated | 
@@ -14799,6 +14837,10 @@ | System.Xml;XmlDataDocument;GetElementFromRow;(System.Data.DataRow);Argument[0];ReturnValue;taint;df-generated | | System.Xml;XmlDataDocument;GetElementsByTagName;(System.String);Argument[0];ReturnValue;taint;df-generated | | System.Xml;XmlDataDocument;GetRowFromElement;(System.Xml.XmlElement);Argument[0].Element;ReturnValue;taint;df-generated | +| System.Xml;XmlDataDocument;Load;(System.IO.Stream);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.IO.TextReader);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.String);Argument[0];Argument[this];taint;manual | +| System.Xml;XmlDataDocument;Load;(System.Xml.XmlReader);Argument[0];Argument[this];taint;manual | | System.Xml;XmlDataDocument;XmlDataDocument;(System.Data.DataSet);Argument[0];Argument[this].SyntheticField[System.Xml.XmlDataDocument._dataSet];value;dfc-generated | | System.Xml;XmlDataDocument;get_DataSet;();Argument[this].SyntheticField[System.Xml.XmlDataDocument._dataSet];ReturnValue;value;dfc-generated | | System.Xml;XmlDeclaration;XmlDeclaration;(System.String,System.String,System.String,System.Xml.XmlDocument);Argument[0];Argument[this];taint;df-generated | 
@@ -15375,6 +15417,7 @@ | System;AggregateException;Handle;(System.Func);Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | System;AggregateException;Handle;(System.Func);Argument[this].SyntheticField[System.AggregateException._innerExceptions].Element;Argument[0].Parameter[0];value;dfc-generated | | System;AggregateException;Handle;(System.Func);Argument[this].SyntheticField[System.AggregateException._innerExceptions].Element;Argument[0].Parameter[0];value;hq-generated | +| System;AggregateException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System;AggregateException;get_Message;();Argument[this].Property[System.Exception.Message];ReturnValue;value;dfc-generated | | System;AggregateException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | | System;AppDomain;ApplyPolicy;(System.String);Argument[0];ReturnValue;value;dfc-generated | 
@@ -15496,6 +15539,7 @@ | System;BadImageFormatException;BadImageFormatException;(System.Runtime.Serialization.SerializationInfo,System.Runtime.Serialization.StreamingContext);Argument[0].SyntheticField[System.Runtime.Serialization.SerializationInfo._values].Element;Argument[this].SyntheticField[System.BadImageFormatException._fusionLog];value;dfc-generated | | System;BadImageFormatException;BadImageFormatException;(System.String,System.String);Argument[1];Argument[this].SyntheticField[System.BadImageFormatException._fileName];value;dfc-generated | | System;BadImageFormatException;BadImageFormatException;(System.String,System.String,System.Exception);Argument[1];Argument[this].SyntheticField[System.BadImageFormatException._fileName];value;dfc-generated | +| System;BadImageFormatException;ToString;();Argument[this];ReturnValue;taint;df-generated | | System;BadImageFormatException;get_FileName;();Argument[this].SyntheticField[System.BadImageFormatException._fileName];ReturnValue;value;dfc-generated | | System;BadImageFormatException;get_FusionLog;();Argument[this].SyntheticField[System.BadImageFormatException._fusionLog];ReturnValue;value;dfc-generated | | System;BadImageFormatException;get_Message;();Argument[this].SyntheticField[System.Exception._message];ReturnValue;value;dfc-generated | From 4933f7ff78c392ed7a3b2f5fab25674b78c365b9 Mon Sep 17 00:00:00 2001 
From: Michael Nebel Date: Fri, 22 Nov 2024 08:10:04 +0100 Subject: [PATCH 3/3] C#: Update expected test output. --- .../dataflow/async/Async.expected | 2 +- .../collections/CollectionFlow.expected | 30 ++++----- .../external-models/ExternalFlow.expected | 62 +++++++++---------- .../dataflow/global/DataFlowPath.expected | 28 ++++----- .../global/TaintTrackingPath.expected | 48 +++++++------- .../threat-models-flowtest1.expected | 4 +- .../threat-models-flowtest2.expected | 6 +- .../threat-models-flowtest3.expected | 10 +-- .../threat-models-flowtest4.expected | 12 ++-- .../threat-models-flowtest5.expected | 8 +-- .../threat-models-flowtest6.expected | 8 +-- .../TypeFlowDispatch.expected | 2 +- .../EntityFramework/Dataflow.expected | 8 +-- .../UntrustedDataToExternalAPI.expected | 4 +- .../CWE-022/TaintedPath/TaintedPath.expected | 2 +- .../CWE-022/ZipSlip/ZipSlip.expected | 4 +- .../CWE-078/CommandInjection.expected | 2 +- .../CWE-079/StoredXSS/StoredXSS.expected | 2 +- .../CWE-079/XSS/XSS.expected | 6 +- .../CWE-079/XSSAsp/XSS.expected | 12 ++-- .../CWE-089/SqlInjection.expected | 52 ++++++++-------- .../CWE-090/LDAPInjection.expected | 2 +- .../XMLInjection/XMLInjection.expected | 2 +- .../CWE-094/CodeInjection.expected | 2 +- .../CWE-099/ResourceInjection.expected | 2 +- .../CWE-112/MissingXMLValidation.expected | 4 +- .../AssemblyPathInjection.expected | 2 +- .../CWE-117/LogForging.expected | 2 +- .../CWE-134/UncontrolledFormatString.expected | 4 +- .../ExposureInTransmittedData.expected | 4 +- .../ExceptionInformationExposure.expected | 4 +- .../CWE-338/InsecureRandomness.expected | 6 +- ...safeDeserializationUntrustedInput.expected | 4 +- ...safeDeserializationUntrustedInput.expected | 2 +- .../CWE-601/UrlRedirect/UrlRedirect.expected | 10 +-- .../CWE-611/UntrustedDataInsecureXml.expected | 2 +- .../CWE-643/XPathInjection.expected | 2 +- .../CWE-730/ReDoS/ReDoS.expected | 2 +- .../CWE-730/ReDoSGlobalTimeout/ReDoS.expected | 2 +- 
.../RegexInjection/RegexInjection.expected | 2 +- .../CWE-807/ConditionalBypass.expected | 6 +- .../CWE-838/InappropriateEncoding.expected | 6 +- 42 files changed, 192 insertions(+), 192 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/async/Async.expected b/csharp/ql/test/library-tests/dataflow/async/Async.expected index baab59e91808..eb942156b3a2 100644 --- a/csharp/ql/test/library-tests/dataflow/async/Async.expected +++ b/csharp/ql/test/library-tests/dataflow/async/Async.expected @@ -1,5 +1,5 @@ models -| 1 | Summary: System.Threading.Tasks; Task; false; FromResult; (TResult); ; Argument[0]; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | +| 1 | Summary: System.Threading.Tasks; Task; true; FromResult; (TResult); ; Argument[0]; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | edges | Async.cs:9:37:9:41 | input : String | Async.cs:11:21:11:25 | access to parameter input : String | provenance | | | Async.cs:11:21:11:25 | access to parameter input : String | Async.cs:11:14:11:26 | call to method Return | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected index 18155300ff0f..91f6d4a5a737 100644 --- a/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected 
@@ -1,6 +1,6 @@ models -| 1 | Summary: System.Collections.Generic; Dictionary; false; get_Keys; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; ReturnValue.Element; value; manual | -| 2 | Summary: System.Collections.Generic; Dictionary; false; get_Values; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue.Element; value; manual | +| 1 | Summary: System.Collections.Generic; Dictionary; true; get_Keys; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; ReturnValue.Element; value; manual | +| 2 | Summary: System.Collections.Generic; Dictionary; true; get_Values; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue.Element; value; manual | | 3 | Summary: System.Collections.Generic; ICollection; true; Add; (T); ; Argument[0]; Argument[this].Element; value; manual | | 4 | Summary: System.Collections.Generic; IDictionary; true; Add; (TKey,TValue); ; Argument[0]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual | | 5 | Summary: System.Collections.Generic; IDictionary; true; Add; (TKey,TValue); ; Argument[1]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; value; manual | 
@@ -11,20 +11,20 @@ models | 10 | Summary: System.Collections.Generic; IDictionary; true; set_Item; (TKey,TValue); ; Argument[1]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; value; manual | | 11 | Summary: System.Collections.Generic; IList; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | | 12 | Summary: System.Collections.Generic; IList; true; set_Item; (System.Int32,T); ; Argument[1]; Argument[this].Element; value; manual | -| 13 | Summary: System.Collections.Generic; KeyValuePair; false; KeyValuePair; (TKey,TValue); ; Argument[0]; Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual | -| 14 | Summary: System.Collections.Generic; List+Enumerator; false; get_Current; (); ; Argument[this].Property[System.Collections.Generic.List`1+Enumerator.Current]; ReturnValue; value; dfc-generated | -| 15 | Summary: System.Collections.Generic; List; false; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.Generic.List`1+Enumerator.Current]; value; manual | +| 13 | Summary: System.Collections.Generic; KeyValuePair; true; KeyValuePair; (TKey,TValue); ; Argument[0]; Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual | +| 14 | Summary: System.Collections.Generic; List+Enumerator; true; get_Current; (); ; Argument[this].Property[System.Collections.Generic.List`1+Enumerator.Current]; ReturnValue; value; dfc-generated | +| 15 | Summary: System.Collections.Generic; List; true; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.Generic.List`1+Enumerator.Current]; value; manual | | 16 | Summary: System.Collections; IEnumerable; true; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.IEnumerator.Current]; value; manual | -| 17 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; 
ReturnValue; value; manual | -| 18 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 19 | Summary: System; ReadOnlySpan; false; ReadOnlySpan; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | -| 20 | Summary: System; ReadOnlySpan; false; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | -| 21 | Summary: System; Span; false; CopyTo; (System.Span); ; Argument[this].Element; Argument[0].Element; value; manual | -| 22 | Summary: System; Span; false; Fill; (T); ; Argument[0]; Argument[this].Element; value; manual | -| 23 | Summary: System; Span; false; Span; (T); ; Argument[0]; Argument[this].Element; value; manual | -| 24 | Summary: System; Span; false; Span; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | -| 25 | Summary: System; Span; false; ToArray; (); ; Argument[this].Element; ReturnValue.Element; value; manual | -| 26 | Summary: System; Span; false; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | +| 17 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 18 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 19 | Summary: System; ReadOnlySpan; true; ReadOnlySpan; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | +| 20 | Summary: System; ReadOnlySpan; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | +| 21 | Summary: System; Span; true; CopyTo; (System.Span); ; Argument[this].Element; Argument[0].Element; value; manual | +| 22 | Summary: System; Span; true; Fill; (T); ; Argument[0]; Argument[this].Element; value; manual | +| 23 | Summary: System; Span; true; Span; (T); ; 
Argument[0]; Argument[this].Element; value; manual | +| 24 | Summary: System; Span; true; Span; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual | +| 25 | Summary: System; Span; true; ToArray; (); ; Argument[this].Element; ReturnValue.Element; value; manual | +| 26 | Summary: System; Span; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual | edges | CollectionFlow.cs:14:40:14:41 | ts : A[] [element] : A | CollectionFlow.cs:14:52:14:53 | access to parameter ts : A[] [element] : A | provenance | | | CollectionFlow.cs:14:40:14:41 | ts : null [element] : A | CollectionFlow.cs:14:52:14:53 | access to parameter ts : null [element] : A | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected index 7254208be186..381e43774155 100644 --- a/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected +++ b/csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected 
@@ -1,37 +1,37 @@ models -| 1 | Summary: My.Qltest; D; false; Apply2; (System.Action,My.Qltest.D,My.Qltest.D); ; Argument[1].Field[My.Qltest.D.Field]; Argument[0].Parameter[0]; value; manual | -| 2 | Summary: My.Qltest; D; false; Apply; (System.Func,S); ; Argument[0].ReturnValue; ReturnValue; value; manual | -| 3 | Summary: My.Qltest; D; false; Apply; (System.Func,S); ; Argument[1]; Argument[0].Parameter[0]; value; manual | -| 4 | Summary: My.Qltest; D; false; Map; (S[],System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 5 | Summary: My.Qltest; D; false; Map; (S[],System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | -| 6 | Summary: My.Qltest; D; false; Parse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | -| 7 | Summary: My.Qltest; D; false; Reverse; (System.Object[]); ; Argument[0].WithElement; ReturnValue; value; manual | -| 8 | Summary: My.Qltest; D; false; StepArgArg; (System.Object,System.Object); ; Argument[0]; Argument[1]; taint; manual | -| 9 | Summary: My.Qltest; D; false; StepArgQual; (System.Object); ; Argument[0]; Argument[this]; taint; manual | -| 10 | Summary: My.Qltest; D; false; StepArgRes; (System.Object); ; Argument[0]; ReturnValue; taint; manual | -| 11 | Summary: My.Qltest; D; false; StepElementGetter; (); ; Argument[this].Element; ReturnValue; value; manual | -| 12 | Summary: My.Qltest; D; false; StepElementSetter; (System.Object); ; Argument[0]; Argument[this].Element; value; manual | -| 13 | Summary: My.Qltest; D; false; StepFieldGetter; (); ; Argument[this].Field[My.Qltest.D.Field]; ReturnValue; value; manual | -| 14 | Summary: My.Qltest; D; false; StepFieldSetter; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.D.Field]; value; manual | -| 15 | Summary: My.Qltest; D; false; StepFieldSetter; (System.Object); ; Argument[this]; ReturnValue.Field[My.Qltest.D.Field2]; value; manual | -| 16 | Summary: My.Qltest; D; false; StepPropertyGetter; (); ; 
Argument[this].Property[My.Qltest.D.Property]; ReturnValue; value; manual | -| 17 | Summary: My.Qltest; D; false; StepPropertySetter; (System.Object); ; Argument[0]; Argument[this].Property[My.Qltest.D.Property]; value; manual | +| 1 | Summary: My.Qltest; D; true; Apply2; (System.Action,My.Qltest.D,My.Qltest.D); ; Argument[1].Field[My.Qltest.D.Field]; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: My.Qltest; D; true; Apply; (System.Func,S); ; Argument[0].ReturnValue; ReturnValue; value; manual | +| 3 | Summary: My.Qltest; D; true; Apply; (System.Func,S); ; Argument[1]; Argument[0].Parameter[0]; value; manual | +| 4 | Summary: My.Qltest; D; true; Map; (S[],System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 5 | Summary: My.Qltest; D; true; Map; (S[],System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | +| 6 | Summary: My.Qltest; D; true; Parse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | +| 7 | Summary: My.Qltest; D; true; Reverse; (System.Object[]); ; Argument[0].WithElement; ReturnValue; value; manual | +| 8 | Summary: My.Qltest; D; true; StepArgArg; (System.Object,System.Object); ; Argument[0]; Argument[1]; taint; manual | +| 9 | Summary: My.Qltest; D; true; StepArgQual; (System.Object); ; Argument[0]; Argument[this]; taint; manual | +| 10 | Summary: My.Qltest; D; true; StepArgRes; (System.Object); ; Argument[0]; ReturnValue; taint; manual | +| 11 | Summary: My.Qltest; D; true; StepElementGetter; (); ; Argument[this].Element; ReturnValue; value; manual | +| 12 | Summary: My.Qltest; D; true; StepElementSetter; (System.Object); ; Argument[0]; Argument[this].Element; value; manual | +| 13 | Summary: My.Qltest; D; true; StepFieldGetter; (); ; Argument[this].Field[My.Qltest.D.Field]; ReturnValue; value; manual | +| 14 | Summary: My.Qltest; D; true; StepFieldSetter; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.D.Field]; value; manual | +| 15 | Summary: 
My.Qltest; D; true; StepFieldSetter; (System.Object); ; Argument[this]; ReturnValue.Field[My.Qltest.D.Field2]; value; manual | +| 16 | Summary: My.Qltest; D; true; StepPropertyGetter; (); ; Argument[this].Property[My.Qltest.D.Property]; ReturnValue; value; manual | +| 17 | Summary: My.Qltest; D; true; StepPropertySetter; (System.Object); ; Argument[0]; Argument[this].Property[My.Qltest.D.Property]; value; manual | | 18 | Summary: My.Qltest; E; true; get_MyProp; (); ; Argument[this].Field[My.Qltest.E.MyField]; ReturnValue; value; manual | | 19 | Summary: My.Qltest; E; true; set_MyProp; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.E.MyField]; value; manual | -| 20 | Summary: My.Qltest; HE; false; ExtensionMethod; (My.Qltest.HI); ; Argument[0]; ReturnValue; value; manual | -| 21 | Summary: My.Qltest; I; false; GetFirst; (My.Qltest.MyInlineArray); ; Argument[0].Element; ReturnValue; value; manual | -| 22 | Summary: My.Qltest; J; false; SetProp1; (System.Object); ; Argument[0]; Argument[this]; value; manual | -| 23 | Summary: My.Qltest; J; false; get_Prop1; (); ; Argument[this]; ReturnValue; value; manual | -| 24 | Summary: My.Qltest; K; false; GetMyFieldOnSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; ReturnValue; value; manual | -| 25 | Summary: My.Qltest; K; false; GetMyNestedSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; ReturnValue; value; manual | -| 26 | Summary: My.Qltest; K; false; GetMySyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; ReturnValue; value; manual | -| 27 | Summary: My.Qltest; K; false; SetMyFieldOnSyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; value; manual | -| 28 | Summary: My.Qltest; K; false; SetMyNestedSyntheticField; (System.Object); ; 
Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; value; manual | -| 29 | Summary: My.Qltest; K; false; SetMySyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; value; manual | -| 30 | Summary: My.Qltest; Library; false; GeneratedFlowWithGeneratedNeutral; (System.Object); ; Argument[0]; ReturnValue; value; df-generated | -| 31 | Summary: My.Qltest; Library; false; GetValue; (); ; Argument[this].SyntheticField[X]; ReturnValue; value; dfc-generated | -| 32 | Summary: My.Qltest; Library; false; MixedFlowArgs; (System.Object,System.Object); ; Argument[1]; ReturnValue; value; manual | -| 33 | Summary: My.Qltest; Library; false; SetValue; (System.Object); ; Argument[0]; Argument[this].SyntheticField[X]; value; dfc-generated | +| 20 | Summary: My.Qltest; HE; true; ExtensionMethod; (My.Qltest.HI); ; Argument[0]; ReturnValue; value; manual | +| 21 | Summary: My.Qltest; I; true; GetFirst; (My.Qltest.MyInlineArray); ; Argument[0].Element; ReturnValue; value; manual | +| 22 | Summary: My.Qltest; J; true; SetProp1; (System.Object); ; Argument[0]; Argument[this]; value; manual | +| 23 | Summary: My.Qltest; J; true; get_Prop1; (); ; Argument[this]; ReturnValue; value; manual | +| 24 | Summary: My.Qltest; K; true; GetMyFieldOnSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; ReturnValue; value; manual | +| 25 | Summary: My.Qltest; K; true; GetMyNestedSyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; ReturnValue; value; manual | +| 26 | Summary: My.Qltest; K; true; GetMySyntheticField; (); ; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; ReturnValue; value; manual | +| 27 | Summary: My.Qltest; K; true; SetMyFieldOnSyntheticField; (System.Object); ; Argument[0]; 
Argument[this].SyntheticField[My.Qltest.K.MySyntheticField2].Field[My.Qltest.K.MyField]; value; manual | +| 28 | Summary: My.Qltest; K; true; SetMyNestedSyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField1].SyntheticField[MySyntheticField1.MyNestedSyntheticField]; value; manual | +| 29 | Summary: My.Qltest; K; true; SetMySyntheticField; (System.Object); ; Argument[0]; Argument[this].SyntheticField[My.Qltest.K.MySyntheticField]; value; manual | +| 30 | Summary: My.Qltest; Library; true; GeneratedFlowWithGeneratedNeutral; (System.Object); ; Argument[0]; ReturnValue; value; df-generated | +| 31 | Summary: My.Qltest; Library; true; GetValue; (); ; Argument[this].SyntheticField[X]; ReturnValue; value; dfc-generated | +| 32 | Summary: My.Qltest; Library; true; MixedFlowArgs; (System.Object,System.Object); ; Argument[1]; ReturnValue; value; manual | +| 33 | Summary: My.Qltest; Library; true; SetValue; (System.Object); ; Argument[0]; Argument[this].SyntheticField[X]; value; dfc-generated | edges | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | provenance | | | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected index 74c1c62de1fe..6ad0f5a9113c 100644 --- a/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected 
@@ -1,18 +1,18 @@ models -| 1 | Summary: System.Collections.Generic; List; false; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | -| 2 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | -| 3 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 4 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | -| 5 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | -| 6 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | -| 7 | Summary: System.Linq; Queryable; false; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | -| 8 | Summary: System.Linq; Queryable; false; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | -| 9 | Summary: System.Linq; Queryable; false; Select; (System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | -| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; 
ReturnValue; value; manual | -| 12 | Summary: System.Threading.Tasks; Task; false; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | -| 13 | Summary: System.Threading.Tasks; Task; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | -| 14 | Summary: System; Lazy; false; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | +| 1 | Summary: System.Collections.Generic; List; true; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 3 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 4 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | +| 5 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | +| 6 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | +| 7 | Summary: System.Linq; Queryable; true; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | +| 8 | Summary: System.Linq; Queryable; true; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | +| 9 | Summary: System.Linq; Queryable; true; Select; 
(System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; true; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | +| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; true; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual | +| 12 | Summary: System.Threading.Tasks; Task; true; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | +| 13 | Summary: System.Threading.Tasks; Task; true; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | +| 14 | Summary: System; Lazy; true; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | edges | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:14:9:14:18 | access to local function CaptureIn1 : CaptureIn1 [captured tainted] : String | provenance | | | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected index 1d05b0ae55ed..81d2f8ce3576 100644 --- a/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected +++ b/csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected 
@@ -1,28 +1,28 @@ models -| 1 | Summary: System.Collections.Generic; List; false; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | -| 2 | Summary: System.Linq; Enumerable; false; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[0].Element; Argument[2].Parameter[1]; value; manual | -| 3 | Summary: System.Linq; Enumerable; false; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[1]; Argument[2].Parameter[0]; value; manual | -| 4 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | -| 5 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 6 | Summary: System.Linq; Enumerable; false; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | -| 7 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | -| 8 | Summary: System.Linq; Enumerable; false; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | -| 9 | Summary: System.Linq; Queryable; false; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | -| 10 | Summary: System.Linq; Queryable; false; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | -| 11 | Summary: System.Linq; Queryable; false; Select; (System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | -| 12 | Summary: 
System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | -| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual | -| 14 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | -| 15 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder); ; Argument[0]; Argument[this]; taint; manual | -| 16 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder+AppendInterpolatedStringHandler); ; Argument[0]; Argument[this]; taint; manual | -| 17 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 18 | Summary: System.Threading.Tasks; Task; false; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | -| 19 | Summary: System.Threading.Tasks; Task; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | -| 20 | Summary: System; Boolean; false; TryParse; (System.String,System.Boolean); ; Argument[0]; Argument[1]; taint; manual | -| 21 | Summary: System; Int32; false; TryParse; (System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32); ; Argument[0]; Argument[3]; taint; manual | -| 22 | Summary: System; Int32; false; TryParse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | -| 23 | Summary: System; Lazy; false; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | -| 24 | Summary: System; String; false; Join; 
(System.String,System.String[]); ; Argument[1].Element; ReturnValue; taint; manual | +| 1 | Summary: System.Collections.Generic; List; true; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: System.Linq; Enumerable; true; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[0].Element; Argument[2].Parameter[1]; value; manual | +| 3 | Summary: System.Linq; Enumerable; true; Aggregate; (System.Collections.Generic.IEnumerable,TAccumulate,System.Func,System.Func); ; Argument[1]; Argument[2].Parameter[0]; value; manual | +| 4 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 5 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual | +| 6 | Summary: System.Linq; Enumerable; true; Select; (System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual | +| 7 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual | +| 8 | Summary: System.Linq; Enumerable; true; Zip; (System.Collections.Generic.IEnumerable,System.Collections.Generic.IEnumerable,System.Func); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual | +| 9 | Summary: System.Linq; Queryable; true; AsQueryable; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue.Element; value; manual | +| 10 | Summary: System.Linq; Queryable; true; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | +| 11 | Summary: System.Linq; Queryable; true; Select; (System.Linq.IQueryable,System.Linq.Expressions.Expression>); ; Argument[0].Element; 
Argument[1].Parameter[0]; value; manual | +| 12 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable+ConfiguredTaskAwaiter; true; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual | +| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable; true; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual | +| 14 | Summary: System.Text; StringBuilder; true; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 15 | Summary: System.Text; StringBuilder; true; Append; (System.Text.StringBuilder); ; Argument[0]; Argument[this]; taint; manual | +| 16 | Summary: System.Text; StringBuilder; true; Append; (System.Text.StringBuilder+AppendInterpolatedStringHandler); ; Argument[0]; Argument[this]; taint; manual | +| 17 | Summary: System.Text; StringBuilder; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 18 | Summary: System.Threading.Tasks; Task; true; Run; (System.Func); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual | +| 19 | Summary: System.Threading.Tasks; Task; true; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual | +| 20 | Summary: System; Boolean; true; TryParse; (System.String,System.Boolean); ; Argument[0]; Argument[1]; taint; manual | +| 21 | Summary: System; Int32; true; TryParse; (System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32); ; Argument[0]; Argument[3]; taint; manual | +| 22 | Summary: System; Int32; true; TryParse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual | +| 23 | Summary: System; Lazy; true; Lazy; (System.Func); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual | +| 
24 | Summary: System; String; true; Join; (System.String,System.String[]); ; Argument[1].Element; ReturnValue; taint; manual | edges | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:14:9:14:18 | access to local function CaptureIn1 : CaptureIn1 [captured tainted] : String | provenance | | | Capture.cs:7:20:7:26 | tainted : String | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | provenance | | diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected index a3850dd73ebd..70e31c1ad83a 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected @@ -1,6 +1,6 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 3 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected index 9b1b32b57fda..dfc6509d8e0f 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected 
+++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected @@ -1,7 +1,7 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 4 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 5 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected index ee8d0615b2d4..35ba8661aeb4 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected 
@@ -1,9 +1,9 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 4 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual | -| 5 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 4 | Source: My.Qltest; TestSources; true; ReadEnv; (System.String); ; ReturnValue; environment; manual | +| 5 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 6 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 7 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected index cac7f178b409..9b155b6eb560 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected 
@@ -1,10 +1,10 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 4 | Source: My.Qltest; TestSources; false; GetCustom; (System.String); ; ReturnValue; custom; manual | -| 5 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual | -| 6 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 4 | Source: My.Qltest; TestSources; true; GetCustom; (System.String); ; ReturnValue; custom; manual | +| 5 | Source: My.Qltest; TestSources; true; ReadEnv; (System.String); ; ReturnValue; environment; manual | +| 6 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 7 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 8 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected index b0e7142693f9..51c15f0538b1 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected 
+++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected @@ -1,8 +1,8 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 3 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual | -| 4 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 3 | Source: My.Qltest; TestSources; true; ReadEnv; (System.String); ; ReturnValue; environment; manual | +| 4 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 6 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected index ae9fccfab806..b0dd873f2d29 100644 --- a/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected +++ b/csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected 
@@ -1,8 +1,8 @@ models -| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 2 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual | -| 3 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | -| 4 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual | +| 1 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 2 | Source: My.Qltest; TestSources; true; ExecuteQuery; (System.String); ; ReturnValue; database; manual | +| 3 | Source: My.Qltest; TestSources; true; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual | +| 4 | Source: System.Net.Sockets; TcpClient; true; GetStream; ; ; ReturnValue; remote; manual | | 5 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual | | 6 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | edges diff --git a/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected b/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected index 27a1929950a9..4045d32ee038 100644 --- a/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected +++ b/csharp/ql/test/library-tests/dataflow/typeflow-dispatch/TypeFlowDispatch.expected 
@@ -1,6 +1,6 @@ models | 1 | Summary: System.Collections.Generic; ICollection; true; Add; (T); ; Argument[0]; Argument[this].Element; value; manual | -| 2 | Summary: System.Collections.Generic; List; false; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | +| 2 | Summary: System.Collections.Generic; List; true; ForEach; (System.Action); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual | edges | TypeFlowDispatch.cs:11:42:11:42 | x : String | TypeFlowDispatch.cs:13:11:13:11 | access to parameter x : String | provenance | | | TypeFlowDispatch.cs:11:42:11:42 | x : String | TypeFlowDispatch.cs:13:11:13:11 | access to parameter x : String | provenance | | diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected index 8edb49dffbb4..f3d0e199b5ba 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected 
@@ -1,8 +1,8 @@ models -| 1 | Summary: Microsoft.EntityFrameworkCore; DbSet; false; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | -| 2 | Summary: System.Data.Entity; DbSet; false; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | -| 3 | Summary: System.Linq; Enumerable; false; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | -| 4 | Summary: System.Linq; Queryable; false; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | +| 1 | Summary: Microsoft.EntityFrameworkCore; DbSet; true; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | +| 2 | Summary: System.Data.Entity; DbSet; true; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual | +| 3 | Summary: System.Linq; Enumerable; true; First; (System.Collections.Generic.IEnumerable); ; Argument[0].Element; ReturnValue; value; manual | +| 4 | Summary: System.Linq; Queryable; true; First; (System.Linq.IQueryable); ; Argument[0].Element; ReturnValue; value; manual | edges | EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | provenance | | | EntityFramework.cs:59:13:62:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | provenance | | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected index bef499f03356..152c2879ecd7 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected 
@@ -7,8 +7,8 @@ edges | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:2 | | UntrustedData.cs:9:20:9:50 | access to indexer : String | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 2 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | UntrustedData.cs:9:13:9:16 | access to local variable name : String | semmle.label | access to local variable name : String | | UntrustedData.cs:9:20:9:30 | access to property Request | semmle.label | access to property Request | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected index edb948d412c2..b50a4ff7e639 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected 
@@ -19,7 +19,7 @@ edges | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:36:25:36:31 | access to local variable badPath | provenance | | | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:38:49:38:55 | access to local variable badPath | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | TaintedPath.cs:10:16:10:19 | access to local variable path : String | semmle.label | access to local variable path : String | | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected index 8e59305b4c2e..ebddbbbfbb19 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected 
@@ -36,8 +36,8 @@ edges | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | provenance | | | ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1 | models -| 1 | Summary: System.IO; Path; false; Combine; (System.String,System.String); ; Argument[1]; ReturnValue; taint; manual | -| 2 | Summary: System.IO; Path; false; GetFullPath; (System.String); ; Argument[0]; ReturnValue; taint; manual | +| 1 | Summary: System.IO; Path; true; Combine; (System.String,System.String); ; Argument[1]; ReturnValue; taint; manual | +| 2 | Summary: System.IO; Path; true; GetFullPath; (System.String); ; Argument[0]; ReturnValue; taint; manual | nodes | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | semmle.label | access to local variable fullPath : String | | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | semmle.label | call to method GetFullPath : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected index 6e3714bd4978..6323aa7cbcbf 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected 
@@ -23,7 +23,7 @@ edges | CommandInjection.cs:51:54:51:80 | call to method GetString : String | CommandInjection.cs:51:46:51:80 | ... + ... | provenance | | models | 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | -| 2 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 2 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | semmle.label | access to local variable userInput : String | | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected index 8304e8a6e698..b7ebd9819978 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected 
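Review bot: Row 2 of `models` (`System.Web.UI.WebControls; TextBox; true; get_Text`) is the only line this hunk changes, so the expectation records the new `subtypes` value without showing any effect of it: no `edges` or `nodes` row is added or removed. If `true` means the summary now also applies to overrides in derived controls, taint results for subclasses of `TextBox` can change. I would pin that with a case in `CommandInjection.cs`, for example `class DerivedTextBox : TextBox { public override string Text => base.Text; }` (assuming the test stub declares `Text` as virtual), whose value reaches the command sink. The other `false` → `true` rows in this patch raise the same question wherever the modelled member can be overridden. The `edges` section begins before this hunk, so coverage outside the visible lines may already do this.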
@@ -6,7 +6,7 @@ edges | StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:86 | call to method GetString : String | provenance | MaD:2 | | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:1 | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | | 2 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | nodes | StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected index fe184fdff75a..b09bf52e9ead 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected 
@@ -42,9 +42,9 @@ edges | XSSAspNetCore.cs:77:17:77:22 | access to local variable header : StringValues | XSSAspNetCore.cs:78:51:78:56 | call to operator implicit conversion | provenance | | | XSSAspNetCore.cs:77:26:77:40 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:77:17:77:22 | access to local variable header : StringValues | provenance | | models -| 1 | Summary: Microsoft.Extensions.Primitives; StringValues; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 2 | Summary: Microsoft.Extensions.Primitives; StringValues; false; get_Item; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | -| 3 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: Microsoft.Extensions.Primitives; StringValues; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 2 | Summary: Microsoft.Extensions.Primitives; StringValues; true; get_Item; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | +| 3 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Index.cshtml:5:9:5:15 | access to local variable message : StringValues | semmle.label | access to local variable message : StringValues | | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | semmle.label | access to property Query : IQueryCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected index b89708b8f034..c765868a040e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected 
@@ -49,12 +49,12 @@ edges | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | provenance | | | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | provenance | | models -| 1 | Sink: System.Net.Http; StringContent; false; StringContent; ; ; Argument[0]; js-injection; manual | -| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 3 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | -| 4 | Summary: System.Text; StringBuilder; false; AppendFormat; (System.String,System.Object); ; Argument[1]; Argument[this]; taint; manual | -| 5 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 6 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 1 | Sink: System.Net.Http; StringContent; true; StringContent; ; ; Argument[0]; js-injection; manual | +| 2 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 3 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 4 | Summary: System.Text; StringBuilder; true; AppendFormat; (System.String,System.Object); ; Argument[1]; Argument[this]; taint; manual | +| 5 | Summary: System.Text; StringBuilder; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 6 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | XSS.cs:26:13:26:21 | [post] access to local variable userInput : StringBuilder | semmle.label | [post] access to local variable userInput : StringBuilder | | XSS.cs:26:48:26:62 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox | 
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected index 238cbd0bc3ba..0c3fea4e8ef1 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected 
@@ -101,34 +101,34 @@ edges | SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:28 | | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance | | models -| 1 | Sink: Dapper; SqlMapper; false; ExecuteAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 2 | Sink: Dapper; SqlMapper; false; ExecuteReader; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 3 | Sink: Dapper; SqlMapper; false; ExecuteScalar; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 4 | Sink: Dapper; SqlMapper; false; Query; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 5 | Sink: Dapper; SqlMapper; false; QueryAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 6 | Sink: Dapper; SqlMapper; false; QueryFirstAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | -| 7 | Sink: System.Data.Entity; Database; false; ExecuteSqlCommand; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | -| 8 | Sink: System.Data.Entity; Database; false; SqlQuery; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | -| 9 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String); ; Argument[0]; 
sql-injection; manual | -| 10 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | -| 11 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.Data.SQLite.SQLiteCommand); ; Argument[0]; sql-injection; manual | -| 12 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | -| 13 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.String); ; Argument[0]; sql-injection; manual | -| 14 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; sql-injection; manual | -| 15 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 16 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.Data.SqlClient.SqlCommand); ; Argument[0]; sql-injection; manual | -| 17 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | -| 18 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file-write; manual | -| 19 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file; manual | -| 20 | Source: System; Console; false; ReadLine; ; ; ReturnValue; stdin; manual | -| 21 | Summary: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; Argument[this]; taint; manual | -| 22 | Summary: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Sink: Dapper; SqlMapper; true; ExecuteAsync; 
(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 2 | Sink: Dapper; SqlMapper; true; ExecuteReader; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 3 | Sink: Dapper; SqlMapper; true; ExecuteScalar; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 4 | Sink: Dapper; SqlMapper; true; Query; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 5 | Sink: Dapper; SqlMapper; true; QueryAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 6 | Sink: Dapper; SqlMapper; true; QueryFirstAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable); ; Argument[1]; sql-injection; manual | +| 7 | Sink: System.Data.Entity; Database; true; ExecuteSqlCommand; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | +| 8 | Sink: System.Data.Entity; Database; true; SqlQuery; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual | +| 9 | Sink: System.Data.SQLite; SQLiteCommand; true; SQLiteCommand; (System.String); ; Argument[0]; sql-injection; manual | +| 10 | Sink: System.Data.SQLite; SQLiteCommand; true; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | +| 11 | Sink: System.Data.SQLite; SQLiteDataAdapter; true; SQLiteDataAdapter; (System.Data.SQLite.SQLiteCommand); ; Argument[0]; sql-injection; manual | +| 12 | Sink: System.Data.SQLite; SQLiteDataAdapter; true; SQLiteDataAdapter; 
(System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual | +| 13 | Sink: System.Data.SQLite; SQLiteDataAdapter; true; SQLiteDataAdapter; (System.String,System.String); ; Argument[0]; sql-injection; manual | +| 14 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String); ; Argument[0]; sql-injection; manual | +| 15 | Sink: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 16 | Sink: System.Data.SqlClient; SqlDataAdapter; true; SqlDataAdapter; (System.Data.SqlClient.SqlCommand); ; Argument[0]; sql-injection; manual | +| 17 | Sink: System.Data.SqlClient; SqlDataAdapter; true; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual | +| 18 | Source: System.IO; FileStream; true; FileStream; ; ; Argument[this]; file-write; manual | +| 19 | Source: System.IO; FileStream; true; FileStream; ; ; Argument[this]; file; manual | +| 20 | Source: System; Console; true; ReadLine; ; ; ReturnValue; stdin; manual | +| 21 | Summary: System.Data.SQLite; SQLiteCommand; true; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; Argument[this]; taint; manual | +| 22 | Summary: System.Data.SqlClient; SqlCommand; true; SqlCommand; (System.String); ; Argument[0]; Argument[this]; taint; manual | | 23 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | -| 24 | Summary: System.IO; FileStream; false; FileStream; (System.String,System.IO.FileMode); ; Argument[0]; Argument[this]; taint; manual | -| 25 | Summary: System.IO; StreamReader; false; StreamReader; (System.IO.Stream,System.Text.Encoding); ; Argument[0]; Argument[this]; taint; manual | +| 24 | Summary: System.IO; FileStream; true; FileStream; (System.String,System.IO.FileMode); ; Argument[0]; Argument[this]; taint; manual | +| 25 | Summary: 
System.IO; StreamReader; true; StreamReader; (System.IO.Stream,System.Text.Encoding); ; Argument[0]; Argument[this]; taint; manual | | 26 | Summary: System.IO; TextReader; true; ReadLine; (); ; Argument[this]; ReturnValue; taint; manual | -| 27 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | -| 28 | Summary: System; String; false; Trim; (); ; Argument[this]; ReturnValue; taint; manual | +| 27 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 28 | Summary: System; String; true; Trim; (); ; Argument[this]; ReturnValue; taint; manual | nodes | SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader | | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | semmle.label | call to method ExecuteReader : SqlDataReader | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected index 2cb812051c60..25d62d2856ed 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected 
@@ -21,7 +21,7 @@ edges | LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | provenance | MaD:2 | | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | LDAPInjection.cs:41:63:41:106 | ... + ... | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | | 2 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual | nodes | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | semmle.label | access to local variable userName : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected index f4f952d0f0ff..9d96d9aeabbb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected 
@@ -6,7 +6,7 @@ edges | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:1 | | Test.cs:8:27:8:65 | access to indexer : String | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Test.cs:8:12:8:23 | access to local variable employeeName : String | semmle.label | access to local variable employeeName : String | | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected index d12803909c86..922261d04109 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected 
@@ -9,7 +9,7 @@ edges | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:1 | | CodeInjection.cs:23:23:23:53 | access to indexer : String | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | CodeInjection.cs:23:16:23:19 | access to local variable code : String | semmle.label | access to local variable code : String | | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected index 395b711e5478..d450bfbcbaf8 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected 
@@ -9,7 +9,7 @@ edges | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | provenance | | | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | semmle.label | access to local variable userName : String | | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected index 2477cd600e0f..a91727751ecb 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected 
@@ -17,8 +17,8 @@ edges | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:2 | | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:2 | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | -| 2 | Summary: System.IO; StringReader; false; StringReader; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 2 | Summary: System.IO; StringReader; true; StringReader; (System.String); ; Argument[0]; Argument[this]; taint; manual | nodes | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String | | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected index 14e45fbcd9a7..1a50fdf6e64f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected 
@@ -6,7 +6,7 @@ edges | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:1 | | Test.cs:7:26:7:63 | access to indexer : String | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | Test.cs:7:12:7:22 | access to local variable libraryName : String | semmle.label | access to local variable libraryName : String | | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected index f817ebd27b03..dbda9d772b61 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected 
@@ -12,7 +12,7 @@ edges | LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | | | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | | models -| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | LogForging.cs:18:16:18:23 | access to local variable username : String | semmle.label | access to local variable username : String | | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected index 6c70f8450b2e..4a86c940e456 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected 
@@ -17,8 +17,8 @@ edges | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:2 | | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | | models -| 1 | Source: System; Console; false; ReadLine; ; ; ReturnValue; stdin; manual | -| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Source: System; Console; true; ReadLine; ; ; ReturnValue; stdin; manual | +| 2 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | semmle.label | access to local variable format : String | | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | semmle.label | call to method ReadLine : String | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected index f6fedad600ab..fde1b5d05672 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected 
@@ -17,8 +17,8 @@ edges | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | provenance | | | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | provenance | | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 2 | Summary: System.ComponentModel; PropertyDescriptorCollection; false; get_Item; (System.Object); ; Argument[this].Element; ReturnValue; value; manual | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 2 | Summary: System.ComponentModel; PropertyDescriptorCollection; true; get_Item; (System.Object); ; Argument[this].Element; ReturnValue; value; manual | nodes | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | semmle.label | access to local variable password | | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | semmle.label | call to method ToString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected index f7015f6e9ba4..af5b49a51c1f 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected 
@@ -14,8 +14,8 @@ edges | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:1 | | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | MaD:2 Sink:MaD:1 | models -| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual | -| 2 | Summary: System; Exception; false; ToString; (); ; Argument[this]; ReturnValue; taint; df-generated | +| 1 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual | +| 2 | Summary: System; Exception; true; ToString; (); ; Argument[this]; ReturnValue; taint; df-generated | nodes | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | semmle.label | access to local variable ex : Exception | | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | semmle.label | call to method ToString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected index f1cb229f93a4..eb8381dee1c9 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected 
@@ -23,9 +23,9 @@ edges | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | provenance | | models | 1 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual | -| 2 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | -| 3 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual | -| 4 | Summary: System; String; false; ToString; (); ; Argument[this]; ReturnValue; value; manual | +| 2 | Summary: System.Text; StringBuilder; true; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual | +| 3 | Summary: System.Text; StringBuilder; true; ToString; (); ; Argument[this]; ReturnValue; taint; manual | +| 4 | Summary: System; String; true; ToString; (); ; Argument[this]; ReturnValue; value; manual | nodes | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | semmle.label | call to method InsecureRandomString | | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | semmle.label | call to method InsecureRandomStringFromSelection | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected index 37cba1c28bff..bd1c1939d65e 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected 
@@ -27,9 +27,9 @@ edges | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:3 | | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:2 | models -| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual | +| 1 | Summary: System.IO; MemoryStream; true; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual | | 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual | -| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | +| 3 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual | nodes | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream | | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected index d63b7070311c..c66450230483 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected 
@@ -5,7 +5,7 @@ edges
 | Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:1 |
 | Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:1 |
 models
-| 1 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
+| 1 | Summary: System.Web.UI.WebControls; TextBox; true; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
 nodes
 | Test.cs:9:46:9:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
 | Test.cs:9:46:9:54 | access to property Text | semmle.label | access to property Text |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected
index e7fced7fde3f..02253298fdb9 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected
@@ -49,11 +49,11 @@ edges
 | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | provenance | |
 | UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:5 |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
-| 2 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
-| 3 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[1]; ReturnValue; taint; manual |
-| 4 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[2]; ReturnValue; taint; manual |
-| 5 | Summary: System; Uri; false; Uri; (System.String); ; Argument[0]; Argument[this]; taint; manual |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 2 | Summary: System; String; true; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
+| 3 | Summary: System; String; true; Format; (System.String,System.Object,System.Object); ; Argument[1]; ReturnValue; taint; manual |
+| 4 | Summary: System; String; true; Format; (System.String,System.Object,System.Object); ; Argument[2]; ReturnValue; taint; manual |
+| 5 | Summary: System; Uri; true; Uri; (System.String); ; Argument[0]; Argument[this]; taint; manual |
 nodes
 | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
 | UrlRedirect2.cs:14:31:14:61 | access to indexer | semmle.label | access to indexer |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected
index 22a96ba9dbe5..4b00e61a4b30 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-611/UntrustedDataInsecureXml.expected
@@ -4,7 +4,7 @@ edges
 | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | provenance | |
 | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | Test.cs:11:50:11:84 | access to indexer | provenance | MaD:1 |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
 nodes
 | Test.cs:11:50:11:72 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
 | Test.cs:11:50:11:84 | access to indexer | semmle.label | access to indexer |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected
index 6e302ea05c8f..9ce72f9737bd 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected
@@ -43,7 +43,7 @@ edges
 | XPathInjection.cs:79:35:79:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:79:35:79:61 | call to method GetString : String | provenance | MaD:2 |
 | XPathInjection.cs:79:35:79:61 | call to method GetString : String | XPathInjection.cs:79:24:79:31 | access to local variable password : String | provenance | |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
 | 2 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
 nodes
 | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected
index de0a0f183e57..6310597cf2b7 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected
@@ -14,7 +14,7 @@ edges
 | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:1 |
 | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
 nodes
 | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
 | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected
index 58af96929ff7..fd6303de650d 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected
@@ -5,7 +5,7 @@ edges
 | ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:1 |
 | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
 nodes
 | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
 | ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected
index 2385d5b212d6..3af7daa80226 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected
@@ -6,7 +6,7 @@ edges
 | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:1 |
 | RegexInjection.cs:10:24:10:55 | access to indexer : String | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
 nodes
 | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | semmle.label | access to local variable regex : String |
 | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected
index 6890fb686a04..97c204c8138b 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.expected
@@ -34,9 +34,9 @@ edges
 | ConditionalBypass.cs:84:13:84:23 | access to local variable adminCookie : HttpCookie | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | provenance | MaD:3 |
 | ConditionalBypass.cs:84:13:84:29 | access to property Value : String | ConditionalBypass.cs:84:13:84:40 | ... == ... | provenance | |
 models
-| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
-| 2 | Summary: System.Net; IPHostEntry; false; get_HostName; (); ; Argument[this]; ReturnValue; taint; manual |
-| 3 | Summary: System.Web; HttpCookie; false; get_Value; (); ; Argument[this]; ReturnValue; taint; manual |
+| 1 | Summary: System.Collections.Specialized; NameValueCollection; true; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
+| 2 | Summary: System.Net; IPHostEntry; true; get_HostName; (); ; Argument[this]; ReturnValue; taint; manual |
+| 3 | Summary: System.Web; HttpCookie; true; get_Value; (); ; Argument[this]; ReturnValue; taint; manual |
 nodes
 | ConditionalBypass.cs:12:16:12:22 | access to local variable isAdmin : String | semmle.label | access to local variable isAdmin : String |
 | ConditionalBypass.cs:12:26:12:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected
index 391c513ed0f6..81be1b5b8e53 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected
+++ b/csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected
@@ -28,9 +28,9 @@ edges
 | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:14:17:14:21 | access to local variable query : String | provenance | |
 | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | provenance | |
 models
-| 1 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
-| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
-| 3 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
+| 1 | Sink: System.Data.SqlClient; SqlDataAdapter; true; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
+| 2 | Sink: System.Web; HttpResponse; true; Write; ; ; Argument[0]; html-injection; manual |
+| 3 | Summary: System; String; true; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
 nodes
 | HtmlEncode.cs:10:28:10:65 | ... + ... | semmle.label | ... + ... |
 | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | semmle.label | call to method UrlEncode : String |