diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/options b/csharp/ql/test/query-tests/Security Features/CWE-011/options new file mode 100644 index 00000000000..75c39b4541b --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-011/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-016/options b/csharp/ql/test/query-tests/Security Features/CWE-016/options new file mode 100644 index 00000000000..a5ea8b797c5 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-016/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-020/options b/csharp/ql/test/query-tests/Security Features/CWE-020/options index 319fd18ddcc..96b0b028bdd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-020/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-020/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:${testdir}/../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../resources/assemblies/System.Web.ApplicationServices.dll /r:${testdir}/../../../resources/assemblies/System.Data.dll /r:System.Text.RegularExpressions.dll /r:System.Collections.Specialized.dll /r:System.Data.Common.dll /r:System.Security.Cryptography.X509Certificates.dll /r:System.Runtime.InteropServices.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/options b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/options index 17bfec6a531..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.IO.FileSystem.dll /r:System.Runtime.Extensions.dll /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/options b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/options index acca6983965..a5ea8b797c5 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/options @@ -1 +1,2 @@ -semmle-extractor-options: /r:System.IO.Compression.dll /r:System.IO.Compression.FileSystem.dll /r:System.IO.Compression.ZipFile.dll /r:System.IO.FileSystem.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/options b/csharp/ql/test/query-tests/Security Features/CWE-078/options index de7d3478af5..7faed1b92ed 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-078/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-078/options @@ -1 +1,2 @@ -semmle-extractor-options: /r:System.ComponentModel.Primitives.dll /r:System.Diagnostics.Process.dll /r:System.Runtime.InteropServices.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Data.Common.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs index 24c4eb73912..1096634b690 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.cs @@ -1,5 +1,3 @@ -// semmle-extractor-options: /r:${testdir}/../../../../resources/assemblies/System.Data.dll /r:${testdir}/../../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../../resources/assemblies/System.Web.Mvc.dll /r:System.ComponentModel.Primitives.dll /r:System.Collections.Specialized.dll /r:${testdir}/../../../../resources/assemblies/System.Net.Http.dll - using System; using System.Data.SqlClient; using System.Web; diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected index bafe7257095..beef5ec2968 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected @@ -1,8 +1,8 @@ edges -| StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | +| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | nodes -| StoredXSS.cs:24:44:24:86 | ... + ... | semmle.label | ... + ... | -| StoredXSS.cs:24:60:24:86 | call to method GetString : String | semmle.label | call to method GetString : String | +| StoredXSS.cs:22:44:22:86 | ... + ... | semmle.label | ... + ... | +| StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String | subpaths #select -| StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:24:60:24:86 | call to method GetString | stored (potentially user-provided) value | +| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | This HTML or JavaScript write depends on a $@. | StoredXSS.cs:22:60:22:86 | call to method GetString | stored (potentially user-provided) value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options index a95668cbc59..34d9e62e93c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Net.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/AspInline.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected similarity index 66% rename from csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/AspInline.expected rename to csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected index d296914aba7..66468b41a68 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/AspInline.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.expected @@ -1,5 +1,5 @@ -| script.aspx:4:1:4:23 | <%= ... %> | XSS.cs:114:16:114:29 | someJavascript | -| script.aspx:8:1:8:12 | <%= ... %> | XSS.cs:121:24:121:28 | Field | +| script.aspx:4:1:4:23 | <%= ... %> | XSS.cs:115:16:115:29 | someJavascript | +| script.aspx:8:1:8:12 | <%= ... %> | XSS.cs:122:24:122:28 | Field | | script.aspx:12:1:12:14 | <%= ... %> | | Request | | script.aspx:16:1:16:34 | <%= ... %> | | QueryString | | script.aspx:20:1:20:41 | <%= ... %> | | QueryString | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/AspInline.ql b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.ql similarity index 100% rename from csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/AspInline.ql rename to csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/AspInline.ql diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs similarity index 93% rename from csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.cs rename to csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs index da82672c6df..1fc8a99e61b 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.cs +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.cs @@ -1,4 +1,4 @@ - +// semmle-extractor-options: /r:${testdir}/../../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../../resources/assemblies/System.Web.Mvc.dll /r:System.Collections.Specialized.dll /r:${testdir}/../../../../resources/assemblies/System.Net.Http.dll using System; using System.Net; using System.Net.Http; @@ -102,7 +102,8 @@ namespace Test new StringContent(HttpUtility.HtmlEncode(name)); } - public void UrlEncoded(HttpContextBase context) { + public void UrlEncoded(HttpContextBase context) + { // GOOD: URL encoding string name = context.Request.QueryString["name"]; new StringContent(HttpUtility.UrlEncode(name)); diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected similarity index 97% rename from csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.expected rename to csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected index f1f4c631769..4b1440cee4a 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.expected +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected @@ -56,7 +56,7 @@ nodes | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection | | XSS.cs:94:27:94:61 | access to indexer : String | semmle.label | access to indexer : String | | XSS.cs:95:31:95:34 | access to local variable name | semmle.label | access to local variable name | -| XSS.cs:134:20:134:33 | access to property RawUrl | semmle.label | access to property RawUrl | +| XSS.cs:135:20:135:33 | access to property RawUrl | semmle.label | access to property RawUrl | | script.aspx:12:1:12:14 | <%= ... %> | semmle.label | <%= ... %> | | script.aspx:16:1:16:34 | <%= ... %> | semmle.label | <%= ... %> | | script.aspx:20:1:20:41 | <%= ... %> | semmle.label | <%= ... %> | @@ -72,7 +72,7 @@ subpaths | XSS.cs:86:28:86:31 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:86:28:86:31 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value | | XSS.cs:87:31:87:34 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:87:31:87:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value | | XSS.cs:95:31:95:34 | access to local variable name | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:95:31:95:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | User-provided value | -| XSS.cs:134:20:134:33 | access to property RawUrl | XSS.cs:134:20:134:33 | access to property RawUrl | XSS.cs:134:20:134:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:134:20:134:33 | access to property RawUrl | User-provided value | +| XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:135:20:135:33 | access to property RawUrl | User-provided value | | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value | | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value | | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value | diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.qlref b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref similarity index 100% rename from csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/XSS.qlref rename to csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/options b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/options new file mode 100644 index 00000000000..a95668cbc59 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/options @@ -0,0 +1 @@ +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Net.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/script.aspx b/csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx similarity index 100% rename from csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/script.aspx rename to csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/script.aspx diff --git a/csharp/ql/test/query-tests/Security Features/CWE-089/options b/csharp/ql/test/query-tests/Security Features/CWE-089/options index 036514ceb74..b1124d05dcd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-089/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-089/options @@ -1,6 +1,6 @@ semmle-extractor-options: /nostdlib /noconfig -semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/Dapper/2.0.90/Dapper.csproj -semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj -semmle-extractor-options: --load-sources-from-project:../../../resources/stubs/System.Data.SQLite/1.0.116/System.Data.SQLite.csproj +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/Dapper/2.0.90/Dapper.csproj +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SQLite/1.0.116/System.Data.SQLite.csproj semmle-extractor-options: ${testdir}/../../../resources/stubs/EntityFramework.cs semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/options b/csharp/ql/test/query-tests/Security Features/CWE-090/options index dfc3914bb98..1a54f1e9c36 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-090/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-090/options @@ -1,2 +1,4 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs ${testdir}/../../../resources/stubs/System.DirectoryServices.cs /r:System.ComponentModel.Primitives.dll /r:System.Collections.Specialized.dll /r:System.ComponentModel.TypeConverter.dll /r:System.Private.Xml.dll -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Data.Common.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.DirectoryServices.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/options b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/options index 5194fddbe4d..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Private.Xml.dll /r:System.Xml.dll /r:System.Xml.ReaderWriter.dll /r:System.Runtime.Extensions.dll /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-094/options b/csharp/ql/test/query-tests/Security Features/CWE-094/options index 97b9301f4dc..cce2f114af6 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-094/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-094/options @@ -1 +1,5 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/Microsoft.CSharp.cs /r:System.ComponentModel.Primitives.dll ${testdir}/../../../resources/stubs/System.Windows.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/Microsoft.CSharp.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-099/options b/csharp/ql/test/query-tests/Security Features/CWE-099/options index 2878eb40d52..6f56ddfc468 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-099/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-099/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Web.cs /r:${testdir}/../../../resources/assemblies/System.Data.dll /r:System.Data.Common.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-112/options b/csharp/ql/test/query-tests/Security Features/CWE-112/options index c72ec0605ab..96b0b028bdd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-112/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-112/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Collections.Specialized.dll /r:System.Runtime.Extensions.dll ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Xml.ReaderWriter.dll /r:System.Private.Xml.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/options b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/options index 2fe55538006..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-119/options b/csharp/ql/test/query-tests/Security Features/CWE-119/options new file mode 100644 index 00000000000..75c39b4541b --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-119/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-134/options b/csharp/ql/test/query-tests/Security Features/CWE-134/options index 54d2098bf4e..ab08ee323e2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-134/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-134/options @@ -1 +1,4 @@ -semmle-extractor-options: /r:System.Runtime.Extensions.dll /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Web.cs ${testdir}/../../../resources/stubs/System.Windows.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/options b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/options index 3d76f691ef2..34d9e62e93c 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs ${testdir}/../../../../resources/stubs/System.Data.cs ${testdir}/../../../../resources/stubs/System.Net.cs /r:System.Data.Common.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-209/options b/csharp/ql/test/query-tests/Security Features/CWE-209/options index 326ff69528b..96b0b028bdd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-209/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-209/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/options b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/options index 96837650998..9d05f9bf06d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/options b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/options index 96837650998..9d05f9bf06d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-312/options b/csharp/ql/test/query-tests/Security Features/CWE-312/options index 4b3bf418201..ab08ee323e2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-312/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-312/options @@ -1 +1,4 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Security.Cryptography.dll {testdir}/../../../../resources/stubs/System.Windows.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-338/options b/csharp/ql/test/query-tests/Security Features/CWE-338/options index 1225f3c0220..bd9f6e49ece 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-338/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-338/options @@ -1,2 +1,3 @@ -semmle-extractor-options: /r:System.Security.Cryptography.Csp.dll /r:System.Security.Cryptography.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj semmle-extractor-options: ${testdir}/../../../resources/stubs/Microsoft.VisualStudio.TestTools.UnitTesting.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/global/options b/csharp/ql/test/query-tests/Security Features/CWE-352/global/options index 5ce3b321a94..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/global/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/global/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-352/missing/options b/csharp/ql/test/query-tests/Security Features/CWE-352/missing/options index 5ce3b321a94..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-352/missing/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-352/missing/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-359/options b/csharp/ql/test/query-tests/Security Features/CWE-359/options index aa088071c5d..ab08ee323e2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-359/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-359/options @@ -1 +1,4 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll /r:System.Security.Cryptography.dll ${testdir}/../../../resources/stubs/System.Windows.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Windows.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-384/options b/csharp/ql/test/query-tests/Security Features/CWE-384/options index 326ff69528b..96b0b028bdd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-384/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-384/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/options b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/options index 96837650998..9d05f9bf06d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/options b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/options index 96837650998..9d05f9bf06d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/options b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/options index 96837650998..9d05f9bf06d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/options b/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/options index bd4d77c7377..a5ea8b797c5 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/DeserializedDelegate/options @@ -1 +1,2 @@ -semmle-extractor-options: /r:System.Runtime.Serialization.Formatters.dll /r:System.IO.FileSystem.dll /r:System.Linq.Expressions.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/options b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/options index 182f92f8d84..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserialization/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Private.Xml.dll /r:System.Xml.ReaderWriter.dll /r:System.Private.DataContractSerialization.dll /r:System.Runtime.Serialization.Formatters.dll /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/options b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/options index 182f92f8d84..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/options @@ -1 +1,3 @@ -semmle-extractor-options: /r:System.Private.Xml.dll /r:System.Xml.ReaderWriter.dll /r:System.Private.DataContractSerialization.dll /r:System.Runtime.Serialization.Formatters.dll /r:System.Runtime.Extensions.dll /r:System.IO.FileSystem.dll /r:System.Collections.Specialized.dll ${testdir}/../../../../resources/stubs/System.Web.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/options b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/options index bd183f95f5c..81ebad48b0d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/options @@ -1 +1,3 @@ -semmle-extractor-options: /nostdlib /noconfig --load-sources-from-project:${testdir}/../../../../resources/stubs/Newtonsoft.Json/13.0.1/Newtonsoft.Json.csproj ${testdir}/../../../../resources/stubs/System.Web.cs +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/Newtonsoft.Json/13.0.1/Newtonsoft.Json.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/options b/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/options index 5ce3b321a94..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-539/PersistentCookie/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-548/options b/csharp/ql/test/query-tests/Security Features/CWE-548/options new file mode 100644 index 00000000000..75c39b4541b --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-548/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options index fb116749418..daca5d73f55 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/options @@ -1,4 +1,4 @@ semmle-extractor-options: /nostdlib /noconfig semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj -semmle-extractor-options: --load-sources-from-project:../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/options b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/options index 96837650998..9d05f9bf06d 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/options b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/options new file mode 100644 index 00000000000..f4586e95ef0 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/options b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/options new file mode 100644 index 00000000000..f4586e95ef0 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/options b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/options new file mode 100644 index 00000000000..f4586e95ef0 --- /dev/null +++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/options @@ -0,0 +1,2 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/options b/csharp/ql/test/query-tests/Security Features/CWE-643/options index 9ab01d95193..6f56ddfc468 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-643/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-643/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll ${testdir}/../../../resources/stubs/System.Data.cs /r:System.Private.Xml.dll /r:System.Xml.XPath.dll /r:System.Data.Common.dll /r:System.Runtime.Extensions.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/options b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/options index 84463712411..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Text.RegularExpressions.dll /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/options b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/options index 1a4a26ba9ed..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Text.RegularExpressions.dll /r:System.Collections.Specialized.dll /r:System.Runtime.Extensions.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/options b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/options index 84463712411..9290f65d5b2 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs /r:System.Text.RegularExpressions.dll /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/query-tests/Security Features/CWE-798/options b/csharp/ql/test/query-tests/Security Features/CWE-798/options index 3145ab2441c..a361e4fde29 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-798/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-798/options @@ -1,2 +1,4 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/System.Data.SqlClient/4.8.3/System.Data.SqlClient.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs semmle-extractor-options: ${testdir}/../../../resources/stubs/Microsoft.VisualStudio.TestTools.UnitTesting.cs -semmle-extractor-options: /r:${testdir}/../../../resources/assemblies/System.Web.dll /r:${testdir}/../../../resources/assemblies/System.Web.ApplicationServices.dll /r:${testdir}/../../../resources/assemblies/System.Data.dll /r:System.Text.RegularExpressions.dll /r:System.Collections.Specialized.dll /r:System.Data.Common.dll /r:System.Security.Cryptography.dll /r:System.Runtime.InteropServices.dll diff --git a/csharp/ql/test/query-tests/Security Features/CWE-807/options b/csharp/ql/test/query-tests/Security Features/CWE-807/options index e2ddeb7dac8..96b0b028bdd 100644 --- a/csharp/ql/test/query-tests/Security Features/CWE-807/options +++ b/csharp/ql/test/query-tests/Security Features/CWE-807/options @@ -1 +1,3 @@ -semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Net.cs ${testdir}/../../../resources/stubs/System.Web.cs /r:System.Collections.Specialized.dll +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../resources/stubs/_frameworks/Microsoft.NETCore.App/Microsoft.NETCore.App.csproj +semmle-extractor-options: ${testdir}/../../../resources/stubs/System.Web.cs diff --git a/csharp/ql/test/resources/stubs/System.Web.cs b/csharp/ql/test/resources/stubs/System.Web.cs index 725b672fbe8..58865f82e6a 100644 --- a/csharp/ql/test/resources/stubs/System.Web.cs +++ b/csharp/ql/test/resources/stubs/System.Web.cs @@ -156,6 +156,7 @@ namespace System.Web public class HttpResponse { public void Write(object o) { } + public void Write(string s) { } public void WriteFile(string s) { } public HttpCookieCollection Cookies => null; public void AddHeader(string name, string value) { }