Merge branch 'main' into post-release-prep/codeql-cli-2.14.2

2026-04-29 02:35:15 +02:00 · 2023-08-11 13:54:55 +01:00
parent 432c21d4fb 5161cd1a3c
commit 1213eba630
264 changed files with 8332 additions and 5797 deletions
--- a/csharp/ql/lib/Linq/Helpers.qll
+++ b/csharp/ql/lib/Linq/Helpers.qll
@@ -3,7 +3,9 @@
 * Provides helper classes and methods related to LINQ.
 */

-import csharp
+private import csharp
+private import semmle.code.csharp.frameworks.system.collections.Generic as GenericCollections
+private import semmle.code.csharp.frameworks.system.Collections as Collections

 //#################### PREDICATES ####################
 private Stmt firstStmt(ForeachStmt fes) {
@@ -29,13 +31,40 @@ predicate isIEnumerableType(ValueOrRefType t) {
  )
 }

+/**
+ * A class of foreach statements where the iterable expression
+ * supports the use of the LINQ extension methods on `IEnumerable<T>`.
+ */
+class ForeachStmtGenericEnumerable extends ForeachStmt {
+  ForeachStmtGenericEnumerable() {
+    exists(ValueOrRefType t | t = this.getIterableExpr().getType() |
+      t.getABaseType*().getUnboundDeclaration() instanceof
+        GenericCollections::SystemCollectionsGenericIEnumerableTInterface or
+      t.(ArrayType).getRank() = 1
+    )
+  }
+}
+
+/**
+ * A class of foreach statements where the iterable expression
+ * supports the use of the LINQ extension methods on `IEnumerable`.
+ */
+class ForeachStmtEnumerable extends ForeachStmt {
+  ForeachStmtEnumerable() {
+    exists(ValueOrRefType t | t = this.getIterableExpr().getType() |
+      t.getABaseType*() instanceof Collections::SystemCollectionsIEnumerableInterface or
+      t.(ArrayType).getRank() = 1
+    )
+  }
+}
+
 /**
 * Holds if `foreach` statement `fes` could be converted to a `.All()` call.
 * That is, the `ForeachStmt` contains a single `if` with a condition that
 * accesses the loop variable and with a body that assigns `false` to a variable
 * and `break`s out of the `foreach`.
 */
-predicate missedAllOpportunity(ForeachStmt fes) {
+predicate missedAllOpportunity(ForeachStmtGenericEnumerable fes) {
  exists(IfStmt is |
    // The loop contains an if statement with no else case, and nothing else.
    is = firstStmt(fes) and
@@ -54,12 +83,12 @@ predicate missedAllOpportunity(ForeachStmt fes) {
 }

 /**
- * Holds if `foreach` statement `fes` could be converted to a `.Cast()` call.
+ * Holds if the `foreach` statement `fes` can be converted to a `.Cast()` call.
 * That is, the loop variable is accessed only in the first statement of the
- * block, and the access is a cast. The first statement needs to be a
- * `LocalVariableDeclStmt`.
+ * block, the access is a cast, and the first statement is a
+ * local variable declaration statement `s`.
 */
-predicate missedCastOpportunity(ForeachStmt fes, LocalVariableDeclStmt s) {
+predicate missedCastOpportunity(ForeachStmtEnumerable fes, LocalVariableDeclStmt s) {
  s = firstStmt(fes) and
  forex(VariableAccess va | va = fes.getVariable().getAnAccess() |
    va = s.getAVariableDeclExpr().getAChildExpr*()
@@ -71,12 +100,12 @@ predicate missedCastOpportunity(ForeachStmt fes, LocalVariableDeclStmt s) {
 }

 /**
- * Holds if `foreach` statement `fes` could be converted to an `.OfType()` call.
+ * Holds if `foreach` statement `fes` can be converted to an `.OfType()` call.
 * That is, the loop variable is accessed only in the first statement of the
- * block, and the access is a cast with the `as` operator. The first statement
- * needs to be a `LocalVariableDeclStmt`.
+ * block, the access is a cast with the `as` operator, and the first statement
+ * is a local variable declaration statement `s`.
 */
-predicate missedOfTypeOpportunity(ForeachStmt fes, LocalVariableDeclStmt s) {
+predicate missedOfTypeOpportunity(ForeachStmtEnumerable fes, LocalVariableDeclStmt s) {
  s = firstStmt(fes) and
  forex(VariableAccess va | va = fes.getVariable().getAnAccess() |
    va = s.getAVariableDeclExpr().getAChildExpr*()
@@ -88,12 +117,12 @@ predicate missedOfTypeOpportunity(ForeachStmt fes, LocalVariableDeclStmt s) {
 }

 /**
- * Holds if `foreach` statement `fes` could be converted to a `.Select()` call.
+ * Holds if `foreach` statement `fes` can be converted to a `.Select()` call.
 * That is, the loop variable is accessed only in the first statement of the
- * block, and the access is not a cast. The first statement needs to be a
- * `LocalVariableDeclStmt`.
+ * block, the access is not a cast, and the first statement is a
+ * local variable declaration statement `s`.
 */
-predicate missedSelectOpportunity(ForeachStmt fes, LocalVariableDeclStmt s) {
+predicate missedSelectOpportunity(ForeachStmtGenericEnumerable fes, LocalVariableDeclStmt s) {
  s = firstStmt(fes) and
  forex(VariableAccess va | va = fes.getVariable().getAnAccess() |
    va = s.getAVariableDeclExpr().getAChildExpr*()
@@ -107,7 +136,7 @@ predicate missedSelectOpportunity(ForeachStmt fes, LocalVariableDeclStmt s) {
 * variable, and the body of the `if` is either a `continue` or there's nothing
 * else in the loop than the `if`.
 */
-predicate missedWhereOpportunity(ForeachStmt fes, IfStmt is) {
+predicate missedWhereOpportunity(ForeachStmtGenericEnumerable fes, IfStmt is) {
  // The very first thing the foreach loop does is test its iteration variable.
  is = firstStmt(fes) and
  exists(VariableAccess va |
--- a/csharp/ql/lib/change-notes/2023-08-04-netcore-identity-hardcoded-cred.md
+++ b/csharp/ql/lib/change-notes/2023-08-04-netcore-identity-hardcoded-cred.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* The query library for `cs/hardcoded-credentials` now excludes benign properties such as `UserNameClaimType` and `AllowedUserNameCharacters` from `Microsoft.AspNetCore.Identity` options classes.
--- a/csharp/ql/lib/semmle/code/csharp/Stmt.qll
+++ b/csharp/ql/lib/semmle/code/csharp/Stmt.qll
@@ -861,6 +861,12 @@ class YieldReturnStmt extends YieldStmt {
  override string getAPrimaryQlClass() { result = "YieldReturnStmt" }
 }

+bindingset[cfe1, cfe2]
+pragma[inline_late]
+private predicate sameCallable(ControlFlowElement cfe1, ControlFlowElement cfe2) {
+  cfe1.getEnclosingCallable() = cfe2.getEnclosingCallable()
+}
+
 /**
 * A `try` statement, for example
 *
@@ -947,8 +953,7 @@ class TryStmt extends Stmt, @try_stmt {
      mid = this.getATriedElement() and
      not mid instanceof TryStmt and
      result = mid.getAChild() and
-      pragma[only_bind_into](mid.getEnclosingCallable()) =
-        pragma[only_bind_into](result.getEnclosingCallable())
+      sameCallable(mid, result)
    )
  }
 }
--- a/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll
+++ b/csharp/ql/lib/semmle/code/csharp/security/dataflow/HardcodedCredentialsQuery.qll
@@ -169,7 +169,7 @@ private class CredentialVar extends Assignable {
    exists(string name | name = this.getName() |
      name.regexpMatch("(?i).*pass(wd|word|code|phrase)(?!.*question).*")
      or
-      name.regexpMatch("(?i).*(puid|username|userid).*")
+      name.regexpMatch("(?i).*(puid|username|userid)(?!.*(characters|claimtype)).*")
      or
      name.regexpMatch("(?i).*(cert)(?!.*(format|name)).*")
    )
--- a/csharp/ql/src/Linq/MissedAllOpportunity.ql
+++ b/csharp/ql/src/Linq/MissedAllOpportunity.ql
@@ -10,7 +10,6 @@
 *       language-features
 */

-import csharp
 import Linq.Helpers

 /*
@@ -31,7 +30,7 @@ import Linq.Helpers
 * bool allEven = lst.All(i => i % 2 == 0);
 */

-from ForeachStmt fes
+from ForeachStmtGenericEnumerable fes
 where missedAllOpportunity(fes)
 select fes,
  "This foreach loop looks as if it might be testing whether every sequence element satisfies a predicate - consider using '.All(...)'."
--- a/csharp/ql/src/Linq/MissedCastOpportunity.ql
+++ b/csharp/ql/src/Linq/MissedCastOpportunity.ql
@@ -13,7 +13,7 @@
 import csharp
 import Linq.Helpers

-from ForeachStmt fes, LocalVariableDeclStmt s
+from ForeachStmtEnumerable fes, LocalVariableDeclStmt s
 where missedCastOpportunity(fes, s)
 select fes,
  "This foreach loop immediately $@ - consider casting the sequence explicitly using '.Cast(...)'.",
--- a/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
+++ b/csharp/ql/src/Linq/MissedOfTypeOpportunity.ql
@@ -13,7 +13,7 @@
 import csharp
 import Linq.Helpers

-from ForeachStmt fes, LocalVariableDeclStmt s
+from ForeachStmtEnumerable fes, LocalVariableDeclStmt s
 where missedOfTypeOpportunity(fes, s)
 select fes,
  "This foreach loop immediately uses 'as' to $@ - consider using '.OfType(...)' instead.", s,
--- a/csharp/ql/src/Linq/MissedSelectOpportunity.ql
+++ b/csharp/ql/src/Linq/MissedSelectOpportunity.ql
@@ -20,7 +20,7 @@ predicate oversized(LocalVariableDeclStmt s) {
  )
 }

-from ForeachStmt fes, LocalVariableDeclStmt s
+from ForeachStmtGenericEnumerable fes, LocalVariableDeclStmt s
 where
  missedSelectOpportunity(fes, s) and
  not oversized(s)
--- a/csharp/ql/src/Linq/MissedWhereOpportunity.ql
+++ b/csharp/ql/src/Linq/MissedWhereOpportunity.ql
@@ -12,7 +12,7 @@
 import csharp
 import Linq.Helpers

-from ForeachStmt fes, IfStmt is
+from ForeachStmtGenericEnumerable fes, IfStmt is
 where
  missedWhereOpportunity(fes, is) and
  not missedAllOpportunity(fes)
--- a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.cs
+++ b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.cs
@@ -0,0 +1,78 @@
+using System;
+using System.Collections;
+using System.Collections.Generic;
+
+class MissedCastOpportunity
+{
+    public void M1(List<Animal> animals)
+    {
+        // BAD: Can be replaced with animals.Cast<Dog>().
+        foreach (Animal a in animals)
+        {
+            Dog d = (Dog)a;
+            d.Woof();
+        }
+    }
+
+    public void M2(NonEnumerableClass nec)
+    {
+        // GOOD: Not possible to use Linq here.
+        foreach (Animal a in nec)
+        {
+            Dog d = (Dog)a;
+            d.Woof();
+        }
+    }
+
+    public void M3(Animal[] animals)
+    {
+        // BAD: Can be replaced with animals.Cast<Dog>().
+        foreach (Animal animal in animals)
+        {
+            Dog d = (Dog)animal;
+            d.Woof();
+        }
+    }
+
+    public void M4(Array animals)
+    {
+        // BAD: Can be replaced with animals.Cast<Dog>().
+        foreach (Animal animal in animals)
+        {
+            Dog d = (Dog)animal;
+            d.Woof();
+        }
+    }
+
+    public void M5(IEnumerable animals)
+    {
+        // BAD: Can be replaced with animals.Cast<Dog>().
+        foreach (object animal in animals)
+        {
+            Dog d = (Dog)animal;
+            d.Woof();
+        }
+    }
+
+    public class NonEnumerableClass
+    {
+        public IEnumerator<Animal> GetEnumerator() => throw null;
+    }
+
+    public class Animal { }
+
+    class Dog : Animal
+    {
+        private string name;
+
+        public Dog(string name)
+        {
+            this.name = name;
+        }
+
+        public void Woof()
+        {
+            Console.WriteLine("Woof! My name is " + name + ".");
+        }
+    }
+}
--- a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.expected
+++ b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.expected
@@ -0,0 +1,4 @@
+| MissedCastOpportunity.cs:10:9:14:9 | foreach (... ... in ...) ... | This foreach loop immediately $@ - consider casting the sequence explicitly using '.Cast(...)'. | MissedCastOpportunity.cs:12:13:12:27 | ... ...; | casts its iteration variable to another type |
+| MissedCastOpportunity.cs:30:9:34:9 | foreach (... ... in ...) ... | This foreach loop immediately $@ - consider casting the sequence explicitly using '.Cast(...)'. | MissedCastOpportunity.cs:32:13:32:32 | ... ...; | casts its iteration variable to another type |
+| MissedCastOpportunity.cs:40:9:44:9 | foreach (... ... in ...) ... | This foreach loop immediately $@ - consider casting the sequence explicitly using '.Cast(...)'. | MissedCastOpportunity.cs:42:13:42:32 | ... ...; | casts its iteration variable to another type |
+| MissedCastOpportunity.cs:50:9:54:9 | foreach (... ... in ...) ... | This foreach loop immediately $@ - consider casting the sequence explicitly using '.Cast(...)'. | MissedCastOpportunity.cs:52:13:52:32 | ... ...; | casts its iteration variable to another type |
--- a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.qlref
+++ b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/MissedCastOpportunity.qlref
@@ -0,0 +1 @@
+Linq/MissedCastOpportunity.ql
--- a/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/options
+++ b/csharp/ql/test/query-tests/Linq/MissedCastOpportunity/options
@@ -0,0 +1,2 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
--- a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.cs
+++ b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.cs
@@ -0,0 +1,83 @@
+using System;
+using System.Linq;
+using System.Collections.Generic;
+
+class MissedWhereOpportunity
+{
+    public void M1(List<int> lst)
+    {
+        // BAD: Can be replaced with lst.Where(e => e % 2 == 0)
+        foreach (int i in lst)
+        {
+            if (i % 2 != 0)
+                continue;
+            Console.WriteLine(i);
+            Console.WriteLine((i / 2));
+        }
+
+        // BAD: Can be replaced with lst.Where(e => e % 2 == 0)
+        foreach (int i in lst)
+        {
+            if (i % 2 == 0)
+            {
+                Console.WriteLine(i);
+                Console.WriteLine((i / 2));
+            }
+        }
+    }
+
+    public void M2(NonEnumerableClass nec)
+    {
+        // GOOD: Linq can't be used here.
+        foreach (int i in nec)
+        {
+            if (i % 2 == 0)
+            {
+                Console.WriteLine(i);
+                Console.WriteLine((i / 2));
+            }
+        }
+    }
+
+    public void M3(int[] arr)
+    {
+        // BAD: Can be replaced with arr.Where(e => e % 2 == 0)
+        foreach (var n in arr)
+        {
+            if (n % 2 == 0)
+            {
+                Console.WriteLine(n);
+                Console.WriteLine((n / 2));
+            }
+        }
+    }
+
+    public void M4(Array arr)
+    {
+        // GOOD: Linq can't be used here.
+        foreach (var element in arr)
+        {
+            if (element.GetHashCode() % 2 == 0)
+            {
+                Console.WriteLine(element);
+            }
+        }
+    }
+
+    public void M5(IEnumerable<int> elements)
+    {
+        // BAD: Can be replaced with elements.Where(e => e.GetHashCode() % 2 == 0)
+        foreach (var element in elements)
+        {
+            if (element.GetHashCode() % 2 == 0)
+            {
+                Console.WriteLine(element);
+            }
+        }
+    }
+
+    public class NonEnumerableClass
+    {
+        public IEnumerator<int> GetEnumerator() => throw null;
+    }
+}
--- a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.expected
+++ b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.expected
@@ -0,0 +1,4 @@
+| MissedWhereOpportunity.cs:10:9:16:9 | foreach (... ... in ...) ... | This foreach loop $@ - consider filtering the sequence explicitly using '.Where(...)'. | MissedWhereOpportunity.cs:12:17:12:26 | ... != ... | implicitly filters its target sequence |
+| MissedWhereOpportunity.cs:19:9:26:9 | foreach (... ... in ...) ... | This foreach loop $@ - consider filtering the sequence explicitly using '.Where(...)'. | MissedWhereOpportunity.cs:21:17:21:26 | ... == ... | implicitly filters its target sequence |
+| MissedWhereOpportunity.cs:45:9:52:9 | foreach (... ... in ...) ... | This foreach loop $@ - consider filtering the sequence explicitly using '.Where(...)'. | MissedWhereOpportunity.cs:47:17:47:26 | ... == ... | implicitly filters its target sequence |
+| MissedWhereOpportunity.cs:70:9:76:9 | foreach (... ... in ...) ... | This foreach loop $@ - consider filtering the sequence explicitly using '.Where(...)'. | MissedWhereOpportunity.cs:72:17:72:46 | ... == ... | implicitly filters its target sequence |
--- a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.qlref
+++ b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/MissedWhereOpportunity.qlref
@@ -0,0 +1 @@
+Linq/MissedWhereOpportunity.ql
--- a/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/options
+++ b/csharp/ql/test/query-tests/Linq/MissedWhereOpportunity/options
@@ -0,0 +1,2 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj
--- a/Features/CWE-798/HardcodedConnectionString.expected
+++ b/Features/CWE-798/HardcodedConnectionString.expected
@@ -1,8 +1,8 @@
 edges
 nodes
-| HardcodedCredentials.cs:54:48:54:63 | "Password=12345" | semmle.label | "Password=12345" |
-| HardcodedCredentials.cs:56:49:56:63 | "User Id=12345" | semmle.label | "User Id=12345" |
+| HardcodedCredentials.cs:55:48:55:63 | "Password=12345" | semmle.label | "Password=12345" |
+| HardcodedCredentials.cs:57:49:57:63 | "User Id=12345" | semmle.label | "User Id=12345" |
 subpaths
 #select
-| HardcodedCredentials.cs:54:48:54:63 | "Password=12345" | HardcodedCredentials.cs:54:48:54:63 | "Password=12345" | HardcodedCredentials.cs:54:48:54:63 | "Password=12345" | 'ConnectionString' property includes hard-coded credentials set in $@. | HardcodedCredentials.cs:54:30:54:64 | object creation of type SqlConnection | object creation of type SqlConnection |
-| HardcodedCredentials.cs:56:49:56:63 | "User Id=12345" | HardcodedCredentials.cs:56:49:56:63 | "User Id=12345" | HardcodedCredentials.cs:56:49:56:63 | "User Id=12345" | 'ConnectionString' property includes hard-coded credentials set in $@. | HardcodedCredentials.cs:56:31:56:64 | object creation of type SqlConnection | object creation of type SqlConnection |
+| HardcodedCredentials.cs:55:48:55:63 | "Password=12345" | HardcodedCredentials.cs:55:48:55:63 | "Password=12345" | HardcodedCredentials.cs:55:48:55:63 | "Password=12345" | 'ConnectionString' property includes hard-coded credentials set in $@. | HardcodedCredentials.cs:55:30:55:64 | object creation of type SqlConnection | object creation of type SqlConnection |
+| HardcodedCredentials.cs:57:49:57:63 | "User Id=12345" | HardcodedCredentials.cs:57:49:57:63 | "User Id=12345" | HardcodedCredentials.cs:57:49:57:63 | "User Id=12345" | 'ConnectionString' property includes hard-coded credentials set in $@. | HardcodedCredentials.cs:57:31:57:64 | object creation of type SqlConnection | object creation of type SqlConnection |
--- a/Features/CWE-798/HardcodedCredentials.cs
+++ b/Features/CWE-798/HardcodedCredentials.cs
@@ -3,6 +3,7 @@ using System.Data.SqlClient;
 using System.Web;
 using System.Web.Security;
 using System.Security.Cryptography.X509Certificates;
+using Microsoft.AspNetCore.Identity;

 public class HardcodedHandler : IHttpHandler
 {
@@ -72,6 +73,21 @@ public class HardcodedHandler : IHttpHandler

        // BAD: Hard-coded user
        Membership.CreateUser("myusername", "mypassword");
+
+        var identityOptions = new IdentityOptions
+        {
+            User = new UserOptions
+            {
+                // GOOD: This is not a credential so hardcoding a string assignment is fine     
+                AllowedUserNameCharacters = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._@+"
+            }
+        };
+
+        var claimsIdentityOptions = new ClaimsIdentityOptions
+        {
+            // GOOD: This is not a credential so hardcoding a string assignment is fine
+            UserNameClaimType = "username"
+        };
    }

    class Foo
--- a/Features/CWE-798/HardcodedCredentials.expected
+++ b/Features/CWE-798/HardcodedCredentials.expected
@@ -1,24 +1,24 @@
 edges
-| HardcodedCredentials.cs:47:30:47:60 | array creation of type Byte[] : Byte[] | HardcodedCredentials.cs:50:13:50:23 | access to local variable rawCertData |
+| HardcodedCredentials.cs:48:30:48:60 | array creation of type Byte[] : Byte[] | HardcodedCredentials.cs:51:13:51:23 | access to local variable rawCertData |
 nodes
-| HardcodedCredentials.cs:15:25:15:36 | "myPa55word" | semmle.label | "myPa55word" |
-| HardcodedCredentials.cs:31:19:31:28 | "username" | semmle.label | "username" |
-| HardcodedCredentials.cs:45:39:45:53 | "myNewPa55word" | semmle.label | "myNewPa55word" |
-| HardcodedCredentials.cs:47:30:47:60 | array creation of type Byte[] : Byte[] | semmle.label | array creation of type Byte[] : Byte[] |
-| HardcodedCredentials.cs:50:13:50:23 | access to local variable rawCertData | semmle.label | access to local variable rawCertData |
-| HardcodedCredentials.cs:51:13:51:24 | "myPa55word" | semmle.label | "myPa55word" |
-| HardcodedCredentials.cs:74:31:74:42 | "myusername" | semmle.label | "myusername" |
-| HardcodedCredentials.cs:74:45:74:56 | "mypassword" | semmle.label | "mypassword" |
+| HardcodedCredentials.cs:16:25:16:36 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:32:19:32:28 | "username" | semmle.label | "username" |
+| HardcodedCredentials.cs:46:39:46:53 | "myNewPa55word" | semmle.label | "myNewPa55word" |
+| HardcodedCredentials.cs:48:30:48:60 | array creation of type Byte[] : Byte[] | semmle.label | array creation of type Byte[] : Byte[] |
+| HardcodedCredentials.cs:51:13:51:23 | access to local variable rawCertData | semmle.label | access to local variable rawCertData |
+| HardcodedCredentials.cs:52:13:52:24 | "myPa55word" | semmle.label | "myPa55word" |
+| HardcodedCredentials.cs:75:31:75:42 | "myusername" | semmle.label | "myusername" |
+| HardcodedCredentials.cs:75:45:75:56 | "mypassword" | semmle.label | "mypassword" |
 | TestHardcodedCredentials.cs:21:31:21:42 | "myusername" | semmle.label | "myusername" |
 | TestHardcodedCredentials.cs:21:45:21:56 | "mypassword" | semmle.label | "mypassword" |
 | TestHardcodedCredentials.cs:26:19:26:28 | "username" | semmle.label | "username" |
 subpaths
 #select
-| HardcodedCredentials.cs:15:25:15:36 | "myPa55word" | HardcodedCredentials.cs:15:25:15:36 | "myPa55word" | HardcodedCredentials.cs:15:25:15:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:15:25:15:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:15:13:15:20 | access to local variable password | access to local variable password |
-| HardcodedCredentials.cs:31:19:31:28 | "username" | HardcodedCredentials.cs:31:19:31:28 | "username" | HardcodedCredentials.cs:31:19:31:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:31:19:31:28 | "username" | name | HardcodedCredentials.cs:29:31:43:13 | object creation of type MembershipUser | object creation of type MembershipUser |
-| HardcodedCredentials.cs:45:39:45:53 | "myNewPa55word" | HardcodedCredentials.cs:45:39:45:53 | "myNewPa55word" | HardcodedCredentials.cs:45:39:45:53 | "myNewPa55word" | The hard-coded value "myNewPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:45:39:45:53 | "myNewPa55word" | newPassword | HardcodedCredentials.cs:45:9:45:54 | call to method ChangePassword | call to method ChangePassword |
-| HardcodedCredentials.cs:47:30:47:60 | array creation of type Byte[] | HardcodedCredentials.cs:47:30:47:60 | array creation of type Byte[] : Byte[] | HardcodedCredentials.cs:50:13:50:23 | access to local variable rawCertData | This hard-coded value flows to the $@ parameter in $@. | HardcodedCredentials.cs:50:13:50:23 | access to local variable rawCertData | rawData | HardcodedCredentials.cs:49:33:51:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:51:13:51:24 | "myPa55word" | HardcodedCredentials.cs:51:13:51:24 | "myPa55word" | HardcodedCredentials.cs:51:13:51:24 | "myPa55word" | The hard-coded value "myPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:51:13:51:24 | "myPa55word" | password | HardcodedCredentials.cs:49:33:51:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
-| HardcodedCredentials.cs:74:31:74:42 | "myusername" | HardcodedCredentials.cs:74:31:74:42 | "myusername" | HardcodedCredentials.cs:74:31:74:42 | "myusername" | The hard-coded value "myusername" flows to the $@ parameter in $@. | HardcodedCredentials.cs:74:31:74:42 | "myusername" | username | HardcodedCredentials.cs:74:9:74:57 | call to method CreateUser | call to method CreateUser |
-| HardcodedCredentials.cs:74:45:74:56 | "mypassword" | HardcodedCredentials.cs:74:45:74:56 | "mypassword" | HardcodedCredentials.cs:74:45:74:56 | "mypassword" | The hard-coded value "mypassword" flows to the $@ parameter in $@. | HardcodedCredentials.cs:74:45:74:56 | "mypassword" | password | HardcodedCredentials.cs:74:9:74:57 | call to method CreateUser | call to method CreateUser |
+| HardcodedCredentials.cs:16:25:16:36 | "myPa55word" | HardcodedCredentials.cs:16:25:16:36 | "myPa55word" | HardcodedCredentials.cs:16:25:16:36 | "myPa55word" | The hard-coded value "myPa55word" flows to $@ which is compared against $@. | HardcodedCredentials.cs:16:25:16:36 | "myPa55word" | "myPa55word" | HardcodedCredentials.cs:16:13:16:20 | access to local variable password | access to local variable password |
+| HardcodedCredentials.cs:32:19:32:28 | "username" | HardcodedCredentials.cs:32:19:32:28 | "username" | HardcodedCredentials.cs:32:19:32:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | HardcodedCredentials.cs:32:19:32:28 | "username" | name | HardcodedCredentials.cs:30:31:44:13 | object creation of type MembershipUser | object creation of type MembershipUser |
+| HardcodedCredentials.cs:46:39:46:53 | "myNewPa55word" | HardcodedCredentials.cs:46:39:46:53 | "myNewPa55word" | HardcodedCredentials.cs:46:39:46:53 | "myNewPa55word" | The hard-coded value "myNewPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:46:39:46:53 | "myNewPa55word" | newPassword | HardcodedCredentials.cs:46:9:46:54 | call to method ChangePassword | call to method ChangePassword |
+| HardcodedCredentials.cs:48:30:48:60 | array creation of type Byte[] | HardcodedCredentials.cs:48:30:48:60 | array creation of type Byte[] : Byte[] | HardcodedCredentials.cs:51:13:51:23 | access to local variable rawCertData | This hard-coded value flows to the $@ parameter in $@. | HardcodedCredentials.cs:51:13:51:23 | access to local variable rawCertData | rawData | HardcodedCredentials.cs:50:33:52:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
+| HardcodedCredentials.cs:52:13:52:24 | "myPa55word" | HardcodedCredentials.cs:52:13:52:24 | "myPa55word" | HardcodedCredentials.cs:52:13:52:24 | "myPa55word" | The hard-coded value "myPa55word" flows to the $@ parameter in $@. | HardcodedCredentials.cs:52:13:52:24 | "myPa55word" | password | HardcodedCredentials.cs:50:33:52:25 | object creation of type X509Certificate2 | object creation of type X509Certificate2 |
+| HardcodedCredentials.cs:75:31:75:42 | "myusername" | HardcodedCredentials.cs:75:31:75:42 | "myusername" | HardcodedCredentials.cs:75:31:75:42 | "myusername" | The hard-coded value "myusername" flows to the $@ parameter in $@. | HardcodedCredentials.cs:75:31:75:42 | "myusername" | username | HardcodedCredentials.cs:75:9:75:57 | call to method CreateUser | call to method CreateUser |
+| HardcodedCredentials.cs:75:45:75:56 | "mypassword" | HardcodedCredentials.cs:75:45:75:56 | "mypassword" | HardcodedCredentials.cs:75:45:75:56 | "mypassword" | The hard-coded value "mypassword" flows to the $@ parameter in $@. | HardcodedCredentials.cs:75:45:75:56 | "mypassword" | password | HardcodedCredentials.cs:75:9:75:57 | call to method CreateUser | call to method CreateUser |
 | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | TestHardcodedCredentials.cs:26:19:26:28 | "username" | The hard-coded value "username" flows to the $@ parameter in $@. | TestHardcodedCredentials.cs:26:19:26:28 | "username" | name | TestHardcodedCredentials.cs:24:31:38:13 | object creation of type MembershipUser | object creation of type MembershipUser |
--- a/csharp/ql/test/query-tests/Security
+++ b/csharp/ql/test/query-tests/Security
@@ -1,4 +1,5 @@
 semmle-extractor-options: /nostdlib /noconfig
 semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj
 semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj
 semmle-extractor-options: ${testdir}/../../../resources/stubs/Microsoft.VisualStudio.TestTools.UnitTesting.cs