hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-26 01:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #17208 from michaelnebel/csharp/prettyprintmodels

Browse Source 
C#: Pretty print models in tests.
This commit is contained in:
Michael Nebel
2024-08-14 11:23:01 +02:00
committed by GitHub
parent 4e02e34fd5 c5343fb829
commit 3425efe421
87 changed files with 1008 additions and 709 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
csharp/ql/test/TestUtilities/PrettyPrintModels.ql Normal file
View File

@@ -0,0 +1,11 @@
/**
* @kind test-postprocess
*/
import semmle.code.csharp.dataflow.internal.ExternalFlow
import codeql.dataflow.test.ProvenancePathGraph
import codeql.dataflow.test.ProvenancePathGraph::TestPostProcessing::TranslateProvenanceResults<interpretModelForTest/2>
from string relation, int row, int column, string data
where results(relation, row, column, data)
select relation, row, column, data

8
csharp/ql/test/TestUtilities/ProvenancePathGraph.qll Normal file
View File

@@ -0,0 +1,8 @@
private import codeql.dataflow.DataFlow as DF
private import codeql.dataflow.test.ProvenancePathGraph as Graph
private import semmle.code.csharp.dataflow.internal.ExternalFlow
/** Transforms a `PathGraph` by printing the provenance information. */
module ShowProvenance<Graph::PathNodeSig PathNode, DF::PathGraphSig<PathNode> PathGraph> {
import Graph::ShowProvenance<interpretModelForTest/2, PathNode, PathGraph>
}

14
csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected
View File

@@ -1,13 +1,19 @@
#select
| HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
| HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password |
edges
| HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | provenance | |
| HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | provenance | |
| HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | provenance | Config |
| HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | provenance | |
| HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | provenance | |
| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1 |
| HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | provenance | |
| HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | provenance | |
| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:1 |
models
| 1 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
nodes
| HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | semmle.label | access to local variable passBuff : IBuffer |
| HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | semmle.label | call to method ConvertStringToBinary : IBuffer |
@@ -22,7 +28,3 @@ nodes
| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | semmle.label | access to parameter password : String |
| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | semmle.label | access to local variable passBytes |
subpaths
#select
| HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
| HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
| HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password |

3
csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref
View File

@@ -1 +1,2 @@
experimental/Security Features/CWE-759/HashWithoutSalt.ql
query: experimental/Security Features/CWE-759/HashWithoutSalt.ql
postprocess: TestUtilities/PrettyPrintModels.ql

8
csharp/ql/test/library-tests/dataflow/async/Async.expected
View File

@@ -1,3 +1,5 @@
models
| 1 | Summary: System.Threading.Tasks; Task; false; FromResult<TResult>; (TResult); ; Argument[0]; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual |
edges
| Async.cs:9:37:9:41 | input : String | Async.cs:11:21:11:25 | access to parameter input : String | provenance | |
| Async.cs:11:21:11:25 | access to parameter input : String | Async.cs:11:14:11:26 | call to method Return | provenance | |
@@ -25,13 +27,13 @@ edges
| Async.cs:38:16:38:16 | access to parameter x : String | Async.cs:26:23:26:40 | call to method ReturnAwait : Task<String> [property Result] : String | provenance | |
| Async.cs:41:33:41:37 | input : String | Async.cs:43:25:43:29 | access to parameter input : String | provenance | |
| Async.cs:43:14:43:30 | call to method ReturnTask : Task<T> [property Result] : String | Async.cs:43:14:43:37 | access to property Result | provenance | |
| Async.cs:43:25:43:29 | access to parameter input : String | Async.cs:43:14:43:30 | call to method ReturnTask : Task<T> [property Result] : String | provenance | MaD:2002 |
| Async.cs:43:25:43:29 | access to parameter input : String | Async.cs:43:14:43:30 | call to method ReturnTask : Task<T> [property Result] : String | provenance | MaD:1 |
| Async.cs:43:25:43:29 | access to parameter input : String | Async.cs:46:44:46:44 | x : String | provenance | |
| Async.cs:46:44:46:44 | x : String | Async.cs:48:32:48:32 | access to parameter x : String | provenance | |
| Async.cs:46:44:46:44 | x : String | Async.cs:48:32:48:32 | access to parameter x : String | provenance | |
| Async.cs:48:16:48:33 | call to method FromResult<String> : Task<T> [property Result] : String | Async.cs:43:14:43:30 | call to method ReturnTask : Task<T> [property Result] : String | provenance | |
| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult<String> : Task<T> [property Result] : String | provenance | MaD:2002 |
| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult<String> : Task<T> [property Result] : String | provenance | MaD:2002 |
| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult<String> : Task<T> [property Result] : String | provenance | MaD:1 |
| Async.cs:48:32:48:32 | access to parameter x : String | Async.cs:48:16:48:33 | call to method FromResult<String> : Task<T> [property Result] : String | provenance | MaD:1 |
| Async.cs:51:52:51:52 | x : String | Async.cs:51:58:51:58 | access to parameter x : String | provenance | |
| Async.cs:51:52:51:52 | x : String | Async.cs:51:58:51:58 | access to parameter x : String | provenance | |
| Async.cs:51:58:51:58 | access to parameter x : String | Async.cs:32:14:32:32 | call to method ReturnAwait2 : Task<String> [property Result] : String | provenance | |

2
csharp/ql/test/library-tests/dataflow/async/Async.ql
View File

@@ -1,5 +1,5 @@
import csharp
import Taint::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<Taint::PathNode, Taint::PathGraph>
class MySink extends DataFlow::ExprNode {
MySink() {

198
csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.expected
View File

@@ -1,47 +1,73 @@
models
| 1 | Summary: System.Collections.Generic; Dictionary<TKey,TValue>; false; get_Keys; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; ReturnValue.Element; value; manual |
| 2 | Summary: System.Collections.Generic; Dictionary<TKey,TValue>; false; get_Values; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue.Element; value; manual |
| 3 | Summary: System.Collections.Generic; ICollection<T>; true; Add; (T); ; Argument[0]; Argument[this].Element; value; manual |
| 4 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; Add; (TKey,TValue); ; Argument[0]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual |
| 5 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; Add; (TKey,TValue); ; Argument[1]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; value; manual |
| 6 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; get_Item; (TKey); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue; value; manual |
| 7 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; get_Keys; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; ReturnValue.Element; value; manual |
| 8 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; get_Values; (); ; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; ReturnValue.Element; value; manual |
| 9 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; set_Item; (TKey,TValue); ; Argument[0]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual |
| 10 | Summary: System.Collections.Generic; IDictionary<TKey,TValue>; true; set_Item; (TKey,TValue); ; Argument[1]; Argument[this].Element.Property[System.Collections.Generic.KeyValuePair`2.Value]; value; manual |
| 11 | Summary: System.Collections.Generic; IList<T>; true; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual |
| 12 | Summary: System.Collections.Generic; IList<T>; true; set_Item; (System.Int32,T); ; Argument[1]; Argument[this].Element; value; manual |
| 13 | Summary: System.Collections.Generic; KeyValuePair<TKey,TValue>; false; KeyValuePair; (TKey,TValue); ; Argument[0]; Argument[this].Property[System.Collections.Generic.KeyValuePair`2.Key]; value; manual |
| 14 | Summary: System.Collections.Generic; List<T>; false; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.Generic.List`1+Enumerator.Current]; value; manual |
| 15 | Summary: System.Collections; IEnumerable; true; GetEnumerator; (); ; Argument[this].Element; ReturnValue.Property[System.Collections.IEnumerator.Current]; value; manual |
| 16 | Summary: System.Linq; Enumerable; false; First<TSource>; (System.Collections.Generic.IEnumerable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
| 17 | Summary: System.Linq; Enumerable; false; Select<TSource,TResult>; (System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
| 18 | Summary: System; ReadOnlySpan<T>; false; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual |
| 19 | Summary: System; ReadOnlySpan<T>; false; ReadOnlySpan; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual |
| 20 | Summary: System; Span<T>; false; CopyTo; (System.Span<T>); ; Argument[this].Element; Argument[0].Element; value; manual |
| 21 | Summary: System; Span<T>; false; Fill; (T); ; Argument[0]; Argument[this].Element; value; manual |
| 22 | Summary: System; Span<T>; false; get_Item; (System.Int32); ; Argument[this].Element; ReturnValue; value; manual |
| 23 | Summary: System; Span<T>; false; Span; (T); ; Argument[0]; Argument[this].Element; value; manual |
| 24 | Summary: System; Span<T>; false; Span; (T[]); ; Argument[0].Element; Argument[this].Element; value; manual |
| 25 | Summary: System; Span<T>; false; ToArray; (); ; Argument[this].Element; ReturnValue.Element; value; manual |
edges
| CollectionFlow.cs:14:40:14:41 | ts : A[] [element] : A | CollectionFlow.cs:14:52:14:53 | access to parameter ts : A[] [element] : A | provenance | |
| CollectionFlow.cs:14:40:14:41 | ts : null [element] : A | CollectionFlow.cs:14:52:14:53 | access to parameter ts : null [element] : A | provenance | |
| CollectionFlow.cs:14:52:14:53 | access to parameter ts : A[] [element] : A | CollectionFlow.cs:14:52:14:56 | access to array element | provenance | |
| CollectionFlow.cs:14:52:14:53 | access to parameter ts : null [element] : A | CollectionFlow.cs:14:52:14:56 | access to array element | provenance | |
| CollectionFlow.cs:16:49:16:52 | list : List<T> [element] : A | CollectionFlow.cs:16:63:16:66 | access to parameter list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:16:63:16:66 | access to parameter list : List<T> [element] : A | CollectionFlow.cs:16:63:16:69 | access to indexer | provenance | MaD:617 |
| CollectionFlow.cs:16:63:16:66 | access to parameter list : List<T> [element] : A | CollectionFlow.cs:16:63:16:69 | access to indexer | provenance | MaD:11 |
| CollectionFlow.cs:18:61:18:64 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:18:75:18:78 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:18:75:18:78 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:18:75:18:81 | access to indexer | provenance | MaD:610 |
| CollectionFlow.cs:18:75:18:78 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:18:75:18:81 | access to indexer | provenance | MaD:6 |
| CollectionFlow.cs:20:59:20:62 | dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:600 |
| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:611 |
| CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:20:73:20:89 | call to method First<T> | provenance | MaD:1211 |
| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:1 |
| CollectionFlow.cs:20:73:20:76 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:7 |
| CollectionFlow.cs:20:73:20:81 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:20:73:20:89 | call to method First<T> | provenance | MaD:16 |
| CollectionFlow.cs:22:34:22:35 | ts : A[] [element] : A | CollectionFlow.cs:22:41:22:42 | access to parameter ts : A[] [element] : A | provenance | |
| CollectionFlow.cs:22:34:22:35 | ts : null [element] : A | CollectionFlow.cs:22:41:22:42 | access to parameter ts : null [element] : A | provenance | |
| CollectionFlow.cs:22:41:22:42 | access to parameter ts : A[] [element] : A | CollectionFlow.cs:22:41:22:45 | access to array element : A | provenance | |
| CollectionFlow.cs:22:41:22:42 | access to parameter ts : null [element] : A | CollectionFlow.cs:22:41:22:45 | access to array element : A | provenance | |
| CollectionFlow.cs:24:43:24:46 | list : List<T> [element] : A | CollectionFlow.cs:24:52:24:55 | access to parameter list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:24:52:24:55 | access to parameter list : List<T> [element] : A | CollectionFlow.cs:24:52:24:58 | access to indexer : A | provenance | MaD:617 |
| CollectionFlow.cs:24:52:24:55 | access to parameter list : List<T> [element] : A | CollectionFlow.cs:24:52:24:58 | access to indexer : A | provenance | MaD:11 |
| CollectionFlow.cs:26:58:26:61 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:67:26:73 | access to indexer : A | provenance | MaD:610 |
| CollectionFlow.cs:26:67:26:70 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:67:26:73 | access to indexer : A | provenance | MaD:6 |
| CollectionFlow.cs:28:59:28:62 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A | provenance | MaD:1211 |
| CollectionFlow.cs:28:68:28:71 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A | provenance | MaD:16 |
| CollectionFlow.cs:28:68:28:79 | call to method First<KeyValuePair<Int32,T>> : KeyValuePair<Int32,T> [property Value] : A | CollectionFlow.cs:28:68:28:85 | access to property Value : A | provenance | |
| CollectionFlow.cs:30:60:30:63 | dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:601 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:601 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:612 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:612 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:2 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:2 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:8 |
| CollectionFlow.cs:30:69:30:72 | access to parameter dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | provenance | MaD:8 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:30:69:30:79 | access to property Values : ICollection<T> [element] : A | CollectionFlow.cs:30:69:30:87 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:32:58:32:61 | dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:600 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:600 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:611 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:611 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:1211 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:1 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:1 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:7 |
| CollectionFlow.cs:32:67:32:70 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | provenance | MaD:7 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:32:67:32:75 | access to property Keys : ICollection<T> [element] : A | CollectionFlow.cs:32:67:32:83 | call to method First<T> : A | provenance | MaD:16 |
| CollectionFlow.cs:34:57:34:60 | dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A | provenance | MaD:1211 |
| CollectionFlow.cs:34:66:34:69 | access to parameter dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A | provenance | MaD:16 |
| CollectionFlow.cs:34:66:34:77 | call to method First<KeyValuePair<T,Int32>> : KeyValuePair<T,Int32> [property Key] : A | CollectionFlow.cs:34:66:34:81 | access to property Key : A | provenance | |
| CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | CollectionFlow.cs:36:63:36:66 | access to parameter args : A[] [element] : A | provenance | |
| CollectionFlow.cs:36:49:36:52 | args : null [element] : A | CollectionFlow.cs:36:63:36:66 | access to parameter args : null [element] : A | provenance | |
@@ -88,32 +114,32 @@ edges
| CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:99:14:99:17 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:100:22:100:25 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:101:24:101:27 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:98:19:98:19 | access to local variable a : A | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:618 |
| CollectionFlow.cs:99:14:99:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:99:14:99:20 | access to indexer | provenance | MaD:617 |
| CollectionFlow.cs:98:19:98:19 | access to local variable a : A | CollectionFlow.cs:98:9:98:12 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:12 |
| CollectionFlow.cs:99:14:99:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:99:14:99:20 | access to indexer | provenance | MaD:11 |
| CollectionFlow.cs:100:22:100:25 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:16:49:16:52 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:101:24:101:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:24:43:24:46 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:101:24:101:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:101:14:101:28 | call to method ListFirst<A> | provenance | MaD:617 |
| CollectionFlow.cs:101:24:101:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:101:14:101:28 | call to method ListFirst<A> | provenance | MaD:11 |
| CollectionFlow.cs:115:13:115:13 | access to local variable a : A | CollectionFlow.cs:116:36:116:36 | access to local variable a : A | provenance | |
| CollectionFlow.cs:115:17:115:23 | object creation of type A : A | CollectionFlow.cs:115:13:115:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:116:13:116:16 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:117:14:117:17 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:116:13:116:16 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:118:22:118:25 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:116:13:116:16 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:119:24:119:27 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:116:20:116:38 | object creation of type List<A> : List<T> [element] : A | CollectionFlow.cs:116:13:116:16 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:116:36:116:36 | access to local variable a : A | CollectionFlow.cs:116:20:116:38 | object creation of type List<A> : List<T> [element] : A | provenance | MaD:605 |
| CollectionFlow.cs:117:14:117:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:117:14:117:20 | access to indexer | provenance | MaD:617 |
| CollectionFlow.cs:116:36:116:36 | access to local variable a : A | CollectionFlow.cs:116:20:116:38 | object creation of type List<A> : List<T> [element] : A | provenance | MaD:3 |
| CollectionFlow.cs:117:14:117:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:117:14:117:20 | access to indexer | provenance | MaD:11 |
| CollectionFlow.cs:118:22:118:25 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:16:49:16:52 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:119:24:119:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:24:43:24:46 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:119:24:119:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:119:14:119:28 | call to method ListFirst<A> | provenance | MaD:617 |
| CollectionFlow.cs:119:24:119:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:119:14:119:28 | call to method ListFirst<A> | provenance | MaD:11 |
| CollectionFlow.cs:132:13:132:13 | access to local variable a : A | CollectionFlow.cs:134:18:134:18 | access to local variable a : A | provenance | |
| CollectionFlow.cs:132:17:132:23 | object creation of type A : A | CollectionFlow.cs:132:13:132:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:135:14:135:17 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:136:22:136:25 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:137:24:137:27 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:134:18:134:18 | access to local variable a : A | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:605 |
| CollectionFlow.cs:135:14:135:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:135:14:135:20 | access to indexer | provenance | MaD:617 |
| CollectionFlow.cs:134:18:134:18 | access to local variable a : A | CollectionFlow.cs:134:9:134:12 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:3 |
| CollectionFlow.cs:135:14:135:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:135:14:135:20 | access to indexer | provenance | MaD:11 |
| CollectionFlow.cs:136:22:136:25 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:16:49:16:52 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:137:24:137:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:24:43:24:46 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:137:24:137:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:137:14:137:28 | call to method ListFirst<A> | provenance | MaD:617 |
| CollectionFlow.cs:137:24:137:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:137:14:137:28 | call to method ListFirst<A> | provenance | MaD:11 |
| CollectionFlow.cs:151:13:151:13 | access to local variable a : A | CollectionFlow.cs:153:19:153:19 | access to local variable a : A | provenance | |
| CollectionFlow.cs:151:17:151:23 | object creation of type A : A | CollectionFlow.cs:151:13:151:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:154:14:154:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
@@ -121,16 +147,16 @@ edges
| CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:157:29:157:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:153:19:153:19 | access to local variable a : A | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | MaD:614 |
| CollectionFlow.cs:154:14:154:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:154:14:154:20 | access to indexer | provenance | MaD:610 |
| CollectionFlow.cs:153:19:153:19 | access to local variable a : A | CollectionFlow.cs:153:9:153:12 | [post] access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | MaD:10 |
| CollectionFlow.cs:154:14:154:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:154:14:154:20 | access to indexer | provenance | MaD:6 |
| CollectionFlow.cs:155:23:155:26 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:18:61:18:64 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:58:26:61 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:156:14:156:32 | call to method DictIndexZero<A> | provenance | MaD:610 |
| CollectionFlow.cs:156:28:156:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:156:14:156:32 | call to method DictIndexZero<A> | provenance | MaD:6 |
| CollectionFlow.cs:157:29:157:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:59:28:62 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:157:29:157:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:157:14:157:33 | call to method DictFirstValue<A> | provenance | MaD:1211 |
| CollectionFlow.cs:157:29:157:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:157:14:157:33 | call to method DictFirstValue<A> | provenance | MaD:16 |
| CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:60:30:63 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:158:14:158:34 | call to method DictValuesFirst<A> | provenance | MaD:601 |
| CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:158:14:158:34 | call to method DictValuesFirst<A> | provenance | MaD:612 |
| CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:158:14:158:34 | call to method DictValuesFirst<A> | provenance | MaD:2 |
| CollectionFlow.cs:158:30:158:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:158:14:158:34 | call to method DictValuesFirst<A> | provenance | MaD:8 |
| CollectionFlow.cs:174:13:174:13 | access to local variable a : A | CollectionFlow.cs:175:52:175:52 | access to local variable a : A | provenance | |
| CollectionFlow.cs:174:17:174:23 | object creation of type A : A | CollectionFlow.cs:174:13:174:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:176:14:176:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
@@ -139,16 +165,16 @@ edges
| CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:179:29:179:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:175:20:175:56 | object creation of type Dictionary<Int32,A> : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:175:13:175:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:175:52:175:52 | access to local variable a : A | CollectionFlow.cs:175:20:175:56 | object creation of type Dictionary<Int32,A> : Dictionary<T,T> [element, property Value] : A | provenance | MaD:609 |
| CollectionFlow.cs:176:14:176:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:176:14:176:20 | access to indexer | provenance | MaD:610 |
| CollectionFlow.cs:175:52:175:52 | access to local variable a : A | CollectionFlow.cs:175:20:175:56 | object creation of type Dictionary<Int32,A> : Dictionary<T,T> [element, property Value] : A | provenance | MaD:5 |
| CollectionFlow.cs:176:14:176:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:176:14:176:20 | access to indexer | provenance | MaD:6 |
| CollectionFlow.cs:177:23:177:26 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:18:61:18:64 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:178:28:178:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:58:26:61 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:178:28:178:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:178:14:178:32 | call to method DictIndexZero<A> | provenance | MaD:610 |
| CollectionFlow.cs:178:28:178:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:178:14:178:32 | call to method DictIndexZero<A> | provenance | MaD:6 |
| CollectionFlow.cs:179:29:179:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:59:28:62 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:179:29:179:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:179:14:179:33 | call to method DictFirstValue<A> | provenance | MaD:1211 |
| CollectionFlow.cs:179:29:179:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:179:14:179:33 | call to method DictFirstValue<A> | provenance | MaD:16 |
| CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:60:30:63 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:180:14:180:34 | call to method DictValuesFirst<A> | provenance | MaD:601 |
| CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:180:14:180:34 | call to method DictValuesFirst<A> | provenance | MaD:612 |
| CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:180:14:180:34 | call to method DictValuesFirst<A> | provenance | MaD:2 |
| CollectionFlow.cs:180:30:180:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:180:14:180:34 | call to method DictValuesFirst<A> | provenance | MaD:8 |
| CollectionFlow.cs:195:13:195:13 | access to local variable a : A | CollectionFlow.cs:196:53:196:53 | access to local variable a : A | provenance | |
| CollectionFlow.cs:195:17:195:23 | object creation of type A : A | CollectionFlow.cs:195:13:195:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:197:14:197:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
@@ -157,16 +183,16 @@ edges
| CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:200:29:200:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:196:20:196:55 | object creation of type Dictionary<Int32,A> : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:196:13:196:16 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:196:53:196:53 | access to local variable a : A | CollectionFlow.cs:196:20:196:55 | object creation of type Dictionary<Int32,A> : Dictionary<T,T> [element, property Value] : A | provenance | MaD:614 |
| CollectionFlow.cs:197:14:197:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:197:14:197:20 | access to indexer | provenance | MaD:610 |
| CollectionFlow.cs:196:53:196:53 | access to local variable a : A | CollectionFlow.cs:196:20:196:55 | object creation of type Dictionary<Int32,A> : Dictionary<T,T> [element, property Value] : A | provenance | MaD:10 |
| CollectionFlow.cs:197:14:197:17 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:197:14:197:20 | access to indexer | provenance | MaD:6 |
| CollectionFlow.cs:198:23:198:26 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:18:61:18:64 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:199:28:199:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:26:58:26:61 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:199:28:199:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:199:14:199:32 | call to method DictIndexZero<A> | provenance | MaD:610 |
| CollectionFlow.cs:199:28:199:31 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:199:14:199:32 | call to method DictIndexZero<A> | provenance | MaD:6 |
| CollectionFlow.cs:200:29:200:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:28:59:28:62 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:200:29:200:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:200:14:200:33 | call to method DictFirstValue<A> | provenance | MaD:1211 |
| CollectionFlow.cs:200:29:200:32 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:200:14:200:33 | call to method DictFirstValue<A> | provenance | MaD:16 |
| CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:30:60:30:63 | dict : Dictionary<T,T> [element, property Value] : A | provenance | |
| CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:201:14:201:34 | call to method DictValuesFirst<A> | provenance | MaD:601 |
| CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:201:14:201:34 | call to method DictValuesFirst<A> | provenance | MaD:612 |
| CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:201:14:201:34 | call to method DictValuesFirst<A> | provenance | MaD:2 |
| CollectionFlow.cs:201:30:201:33 | access to local variable dict : Dictionary<T,T> [element, property Value] : A | CollectionFlow.cs:201:14:201:34 | call to method DictValuesFirst<A> | provenance | MaD:8 |
| CollectionFlow.cs:217:13:217:13 | access to local variable a : A | CollectionFlow.cs:218:49:218:49 | access to local variable a : A | provenance | |
| CollectionFlow.cs:217:17:217:23 | object creation of type A : A | CollectionFlow.cs:217:13:217:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:219:14:219:17 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
@@ -174,15 +200,15 @@ edges
| CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:222:27:222:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:218:20:218:56 | object creation of type Dictionary<A,Int32> : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:218:13:218:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:218:49:218:49 | access to local variable a : A | CollectionFlow.cs:218:20:218:56 | object creation of type Dictionary<A,Int32> : Dictionary<T,T> [element, property Key] : A | provenance | MaD:608 |
| CollectionFlow.cs:219:14:219:17 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | provenance | MaD:600 |
| CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | CollectionFlow.cs:219:14:219:30 | call to method First<A> | provenance | MaD:1211 |
| CollectionFlow.cs:218:49:218:49 | access to local variable a : A | CollectionFlow.cs:218:20:218:56 | object creation of type Dictionary<A,Int32> : Dictionary<T,T> [element, property Key] : A | provenance | MaD:4 |
| CollectionFlow.cs:219:14:219:17 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | provenance | MaD:1 |
| CollectionFlow.cs:219:14:219:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | CollectionFlow.cs:219:14:219:30 | call to method First<A> | provenance | MaD:16 |
| CollectionFlow.cs:220:21:220:24 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:59:20:62 | dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:58:32:61 | dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:221:14:221:32 | call to method DictKeysFirst<A> | provenance | MaD:600 |
| CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:221:14:221:32 | call to method DictKeysFirst<A> | provenance | MaD:611 |
| CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:221:14:221:32 | call to method DictKeysFirst<A> | provenance | MaD:1 |
| CollectionFlow.cs:221:28:221:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:221:14:221:32 | call to method DictKeysFirst<A> | provenance | MaD:7 |
| CollectionFlow.cs:222:27:222:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:57:34:60 | dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:222:27:222:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:222:14:222:31 | call to method DictFirstKey<A> | provenance | MaD:1211 |
| CollectionFlow.cs:222:27:222:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:222:14:222:31 | call to method DictFirstKey<A> | provenance | MaD:16 |
| CollectionFlow.cs:236:13:236:13 | access to local variable a : A | CollectionFlow.cs:237:48:237:48 | access to local variable a : A | provenance | |
| CollectionFlow.cs:236:17:236:23 | object creation of type A : A | CollectionFlow.cs:236:13:236:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:238:14:238:17 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
@@ -190,15 +216,15 @@ edges
| CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:241:27:241:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:237:20:237:55 | object creation of type Dictionary<A,Int32> : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:237:13:237:16 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:237:48:237:48 | access to local variable a : A | CollectionFlow.cs:237:20:237:55 | object creation of type Dictionary<A,Int32> : Dictionary<T,T> [element, property Key] : A | provenance | MaD:613 |
| CollectionFlow.cs:238:14:238:17 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | provenance | MaD:600 |
| CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | CollectionFlow.cs:238:14:238:30 | call to method First<A> | provenance | MaD:1211 |
| CollectionFlow.cs:237:48:237:48 | access to local variable a : A | CollectionFlow.cs:237:20:237:55 | object creation of type Dictionary<A,Int32> : Dictionary<T,T> [element, property Key] : A | provenance | MaD:9 |
| CollectionFlow.cs:238:14:238:17 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | provenance | MaD:1 |
| CollectionFlow.cs:238:14:238:22 | access to property Keys : Dictionary<T,T>.KeyCollection [element] : A | CollectionFlow.cs:238:14:238:30 | call to method First<A> | provenance | MaD:16 |
| CollectionFlow.cs:239:21:239:24 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:20:59:20:62 | dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:32:58:32:61 | dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:240:14:240:32 | call to method DictKeysFirst<A> | provenance | MaD:600 |
| CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:240:14:240:32 | call to method DictKeysFirst<A> | provenance | MaD:611 |
| CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:240:14:240:32 | call to method DictKeysFirst<A> | provenance | MaD:1 |
| CollectionFlow.cs:240:28:240:31 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:240:14:240:32 | call to method DictKeysFirst<A> | provenance | MaD:7 |
| CollectionFlow.cs:241:27:241:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:34:57:34:60 | dict : Dictionary<T,T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:241:27:241:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:241:14:241:31 | call to method DictFirstKey<A> | provenance | MaD:1211 |
| CollectionFlow.cs:241:27:241:30 | access to local variable dict : Dictionary<T,T> [element, property Key] : A | CollectionFlow.cs:241:14:241:31 | call to method DictFirstKey<A> | provenance | MaD:16 |
| CollectionFlow.cs:255:13:255:13 | access to local variable a : A | CollectionFlow.cs:256:27:256:27 | access to local variable a : A | provenance | |
| CollectionFlow.cs:255:17:255:23 | object creation of type A : A | CollectionFlow.cs:255:13:255:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:256:13:256:15 | access to local variable as : null [element] : A | CollectionFlow.cs:257:27:257:29 | access to local variable as : null [element] : A | provenance | |
@@ -211,23 +237,23 @@ edges
| CollectionFlow.cs:271:25:271:29 | { ..., ... } : null [element] : A | CollectionFlow.cs:271:13:271:15 | access to local variable as : null [element] : A | provenance | |
| CollectionFlow.cs:271:27:271:27 | access to local variable a : A | CollectionFlow.cs:271:25:271:29 | { ..., ... } : null [element] : A | provenance | |
| CollectionFlow.cs:272:13:272:22 | access to local variable enumerator : IEnumerator [property Current] : A | CollectionFlow.cs:274:18:274:27 | access to local variable enumerator : IEnumerator [property Current] : A | provenance | |
| CollectionFlow.cs:272:26:272:28 | access to local variable as : null [element] : A | CollectionFlow.cs:272:26:272:44 | call to method GetEnumerator : IEnumerator [property Current] : A | provenance | MaD:811 |
| CollectionFlow.cs:272:26:272:28 | access to local variable as : null [element] : A | CollectionFlow.cs:272:26:272:44 | call to method GetEnumerator : IEnumerator [property Current] : A | provenance | MaD:15 |
| CollectionFlow.cs:272:26:272:44 | call to method GetEnumerator : IEnumerator [property Current] : A | CollectionFlow.cs:272:13:272:22 | access to local variable enumerator : IEnumerator [property Current] : A | provenance | |
| CollectionFlow.cs:274:18:274:27 | access to local variable enumerator : IEnumerator [property Current] : A | CollectionFlow.cs:274:18:274:35 | access to property Current | provenance | |
| CollectionFlow.cs:287:13:287:13 | access to local variable a : A | CollectionFlow.cs:289:18:289:18 | access to local variable a : A | provenance | |
| CollectionFlow.cs:287:17:287:23 | object creation of type A : A | CollectionFlow.cs:287:13:287:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:289:9:289:12 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:290:26:290:29 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:289:18:289:18 | access to local variable a : A | CollectionFlow.cs:289:9:289:12 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:605 |
| CollectionFlow.cs:289:18:289:18 | access to local variable a : A | CollectionFlow.cs:289:9:289:12 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:3 |
| CollectionFlow.cs:290:13:290:22 | access to local variable enumerator : List<T>.Enumerator [property Current] : A | CollectionFlow.cs:292:18:292:27 | access to local variable enumerator : List<T>.Enumerator [property Current] : A | provenance | |
| CollectionFlow.cs:290:26:290:29 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:290:26:290:45 | call to method GetEnumerator : List<T>.Enumerator [property Current] : A | provenance | MaD:634 |
| CollectionFlow.cs:290:26:290:29 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:290:26:290:45 | call to method GetEnumerator : List<T>.Enumerator [property Current] : A | provenance | MaD:14 |
| CollectionFlow.cs:290:26:290:45 | call to method GetEnumerator : List<T>.Enumerator [property Current] : A | CollectionFlow.cs:290:13:290:22 | access to local variable enumerator : List<T>.Enumerator [property Current] : A | provenance | |
| CollectionFlow.cs:292:18:292:27 | access to local variable enumerator : List<T>.Enumerator [property Current] : A | CollectionFlow.cs:292:18:292:35 | access to property Current | provenance | |
| CollectionFlow.cs:306:13:306:13 | access to local variable a : A | CollectionFlow.cs:308:43:308:43 | access to local variable a : A | provenance | |
| CollectionFlow.cs:306:17:306:23 | object creation of type A : A | CollectionFlow.cs:306:13:306:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:308:9:308:12 | [post] access to local variable list : List<T> [element, property Key] : A | CollectionFlow.cs:309:9:309:12 | access to local variable list : List<T> [element, property Key] : A | provenance | |
| CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair<A,Int32> : KeyValuePair<T,T> [property Key] : A | CollectionFlow.cs:308:9:308:12 | [post] access to local variable list : List<T> [element, property Key] : A | provenance | MaD:605 |
| CollectionFlow.cs:308:43:308:43 | access to local variable a : A | CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair<A,Int32> : KeyValuePair<T,T> [property Key] : A | provenance | MaD:620 |
| CollectionFlow.cs:309:9:309:12 | access to local variable list : List<T> [element, property Key] : A | CollectionFlow.cs:309:21:309:23 | kvp : KeyValuePair<T,T> [property Key] : A | provenance | MaD:1307 |
| CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair<A,Int32> : KeyValuePair<T,T> [property Key] : A | CollectionFlow.cs:308:9:308:12 | [post] access to local variable list : List<T> [element, property Key] : A | provenance | MaD:3 |
| CollectionFlow.cs:308:43:308:43 | access to local variable a : A | CollectionFlow.cs:308:18:308:47 | object creation of type KeyValuePair<A,Int32> : KeyValuePair<T,T> [property Key] : A | provenance | MaD:13 |
| CollectionFlow.cs:309:9:309:12 | access to local variable list : List<T> [element, property Key] : A | CollectionFlow.cs:309:21:309:23 | kvp : KeyValuePair<T,T> [property Key] : A | provenance | MaD:17 |
| CollectionFlow.cs:309:21:309:23 | kvp : KeyValuePair<T,T> [property Key] : A | CollectionFlow.cs:311:18:311:20 | access to parameter kvp : KeyValuePair<T,T> [property Key] : A | provenance | |
| CollectionFlow.cs:311:18:311:20 | access to parameter kvp : KeyValuePair<T,T> [property Key] : A | CollectionFlow.cs:311:18:311:24 | access to property Key | provenance | |
| CollectionFlow.cs:328:32:328:38 | element : A | CollectionFlow.cs:328:55:328:61 | access to parameter element : A | provenance | |
@@ -246,18 +272,18 @@ edges
| CollectionFlow.cs:337:20:337:22 | access to local variable as : A[] [element] : A | CollectionFlow.cs:337:14:337:23 | call to method First<A> | provenance | |
| CollectionFlow.cs:350:34:350:40 | element : A | CollectionFlow.cs:350:55:350:61 | access to parameter element : A | provenance | |
| CollectionFlow.cs:350:46:350:49 | [post] access to parameter list : List<T> [element] : A | CollectionFlow.cs:350:26:350:29 | list [Return] : List<T> [element] : A | provenance | |
| CollectionFlow.cs:350:55:350:61 | access to parameter element : A | CollectionFlow.cs:350:46:350:49 | [post] access to parameter list : List<T> [element] : A | provenance | MaD:605 |
| CollectionFlow.cs:350:55:350:61 | access to parameter element : A | CollectionFlow.cs:350:46:350:49 | [post] access to parameter list : List<T> [element] : A | provenance | MaD:3 |
| CollectionFlow.cs:354:13:354:13 | access to local variable a : A | CollectionFlow.cs:356:23:356:23 | access to local variable a : A | provenance | |
| CollectionFlow.cs:354:17:354:23 | object creation of type A : A | CollectionFlow.cs:354:13:354:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:357:14:357:17 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:358:22:358:25 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List<T> [element] : A | CollectionFlow.cs:359:24:359:27 | access to local variable list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:356:23:356:23 | access to local variable a : A | CollectionFlow.cs:350:34:350:40 | element : A | provenance | |
| CollectionFlow.cs:356:23:356:23 | access to local variable a : A | CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:605 |
| CollectionFlow.cs:357:14:357:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:357:14:357:20 | access to indexer | provenance | MaD:617 |
| CollectionFlow.cs:356:23:356:23 | access to local variable a : A | CollectionFlow.cs:356:17:356:20 | [post] access to local variable list : List<T> [element] : A | provenance | MaD:3 |
| CollectionFlow.cs:357:14:357:17 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:357:14:357:20 | access to indexer | provenance | MaD:11 |
| CollectionFlow.cs:358:22:358:25 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:16:49:16:52 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:359:24:359:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:24:43:24:46 | list : List<T> [element] : A | provenance | |
| CollectionFlow.cs:359:24:359:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:359:14:359:28 | call to method ListFirst<A> | provenance | MaD:617 |
| CollectionFlow.cs:359:24:359:27 | access to local variable list : List<T> [element] : A | CollectionFlow.cs:359:14:359:28 | call to method ListFirst<A> | provenance | MaD:11 |
| CollectionFlow.cs:373:20:373:26 | object creation of type A : A | CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | provenance | |
| CollectionFlow.cs:374:26:374:32 | object creation of type A : A | CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | provenance | |
| CollectionFlow.cs:375:26:375:32 | object creation of type A : A | CollectionFlow.cs:36:49:36:52 | args : A[] [element] : A | provenance | |
@@ -280,7 +306,7 @@ edges
| CollectionFlow.cs:435:17:435:17 | access to local variable l : List<A> [element] : A | CollectionFlow.cs:436:14:436:14 | access to local variable l : List<A> [element] : A | provenance | |
| CollectionFlow.cs:435:21:435:23 | [...] : List<A> [element] : A | CollectionFlow.cs:435:17:435:17 | access to local variable l : List<A> [element] : A | provenance | |
| CollectionFlow.cs:435:22:435:22 | access to local variable a : A | CollectionFlow.cs:435:21:435:23 | [...] : List<A> [element] : A | provenance | |
| CollectionFlow.cs:436:14:436:14 | access to local variable l : List<A> [element] : A | CollectionFlow.cs:436:14:436:17 | access to indexer | provenance | MaD:617 |
| CollectionFlow.cs:436:14:436:14 | access to local variable l : List<A> [element] : A | CollectionFlow.cs:436:14:436:17 | access to indexer | provenance | MaD:11 |
| CollectionFlow.cs:447:13:447:13 | access to local variable a : A | CollectionFlow.cs:448:21:448:21 | access to local variable a : A | provenance | |
| CollectionFlow.cs:447:17:447:23 | object creation of type A : A | CollectionFlow.cs:447:13:447:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:448:13:448:16 | access to local variable temp : A[] [element] : A | CollectionFlow.cs:449:22:449:28 | .. access to local variable temp : A[] [element] : A | provenance | |
@@ -293,38 +319,38 @@ edges
| CollectionFlow.cs:487:17:487:23 | object creation of type A : A | CollectionFlow.cs:487:13:487:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:488:17:488:20 | access to local variable span : Span<T> [element] : A | CollectionFlow.cs:489:14:489:17 | access to local variable span : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:488:24:488:41 | object creation of type Span<A> : Span<T> [element] : A | CollectionFlow.cs:488:17:488:20 | access to local variable span : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:488:40:488:40 | access to local variable a : A | CollectionFlow.cs:488:24:488:41 | object creation of type Span<A> : Span<T> [element] : A | provenance | MaD:2653 |
| CollectionFlow.cs:489:14:489:17 | access to local variable span : Span<T> [element] : A | CollectionFlow.cs:489:14:489:20 | access to indexer | provenance | MaD:2649 |
| CollectionFlow.cs:488:40:488:40 | access to local variable a : A | CollectionFlow.cs:488:24:488:41 | object creation of type Span<A> : Span<T> [element] : A | provenance | MaD:23 |
| CollectionFlow.cs:489:14:489:17 | access to local variable span : Span<T> [element] : A | CollectionFlow.cs:489:14:489:20 | access to indexer | provenance | MaD:22 |
| CollectionFlow.cs:494:13:494:13 | access to local variable a : A | CollectionFlow.cs:495:40:495:40 | access to local variable a : A | provenance | |
| CollectionFlow.cs:494:17:494:23 | object creation of type A : A | CollectionFlow.cs:494:13:494:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:495:17:495:20 | access to local variable span : Span<T> [element] : A | CollectionFlow.cs:496:19:496:22 | access to local variable span : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:495:24:495:41 | object creation of type Span<A> : Span<T> [element] : A | CollectionFlow.cs:495:17:495:20 | access to local variable span : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:495:40:495:40 | access to local variable a : A | CollectionFlow.cs:495:24:495:41 | object creation of type Span<A> : Span<T> [element] : A | provenance | MaD:2653 |
| CollectionFlow.cs:495:40:495:40 | access to local variable a : A | CollectionFlow.cs:495:24:495:41 | object creation of type Span<A> : Span<T> [element] : A | provenance | MaD:23 |
| CollectionFlow.cs:496:13:496:15 | access to local variable arr : T[] [element] : A | CollectionFlow.cs:497:14:497:16 | access to local variable arr : T[] [element] : A | provenance | |
| CollectionFlow.cs:496:19:496:22 | access to local variable span : Span<T> [element] : A | CollectionFlow.cs:496:19:496:32 | call to method ToArray : T[] [element] : A | provenance | MaD:2656 |
| CollectionFlow.cs:496:19:496:22 | access to local variable span : Span<T> [element] : A | CollectionFlow.cs:496:19:496:32 | call to method ToArray : T[] [element] : A | provenance | MaD:25 |
| CollectionFlow.cs:496:19:496:32 | call to method ToArray : T[] [element] : A | CollectionFlow.cs:496:13:496:15 | access to local variable arr : T[] [element] : A | provenance | |
| CollectionFlow.cs:497:14:497:16 | access to local variable arr : T[] [element] : A | CollectionFlow.cs:497:14:497:19 | access to array element | provenance | |
| CollectionFlow.cs:502:13:502:13 | access to local variable a : A | CollectionFlow.cs:503:21:503:21 | access to local variable a : A | provenance | |
| CollectionFlow.cs:502:17:502:23 | object creation of type A : A | CollectionFlow.cs:502:13:502:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:503:9:503:14 | [post] access to parameter target : Span<T> [element] : A | CollectionFlow.cs:504:14:504:19 | access to parameter target : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:503:21:503:21 | access to local variable a : A | CollectionFlow.cs:503:9:503:14 | [post] access to parameter target : Span<T> [element] : A | provenance | MaD:2648 |
| CollectionFlow.cs:504:14:504:19 | access to parameter target : Span<T> [element] : A | CollectionFlow.cs:504:14:504:22 | access to indexer | provenance | MaD:2649 |
| CollectionFlow.cs:503:21:503:21 | access to local variable a : A | CollectionFlow.cs:503:9:503:14 | [post] access to parameter target : Span<T> [element] : A | provenance | MaD:21 |
| CollectionFlow.cs:504:14:504:19 | access to parameter target : Span<T> [element] : A | CollectionFlow.cs:504:14:504:22 | access to indexer | provenance | MaD:22 |
| CollectionFlow.cs:509:13:509:18 | access to local variable source : Span<T> [element] : A | CollectionFlow.cs:510:9:510:14 | access to local variable source : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:509:22:509:51 | object creation of type Span<A> : Span<T> [element] : A | CollectionFlow.cs:509:13:509:18 | access to local variable source : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:509:34:509:50 | array creation of type A[] : null [element] : A | CollectionFlow.cs:509:22:509:51 | object creation of type Span<A> : Span<T> [element] : A | provenance | MaD:2654 |
| CollectionFlow.cs:509:34:509:50 | array creation of type A[] : null [element] : A | CollectionFlow.cs:509:22:509:51 | object creation of type Span<A> : Span<T> [element] : A | provenance | MaD:24 |
| CollectionFlow.cs:509:40:509:50 | { ..., ... } : null [element] : A | CollectionFlow.cs:509:34:509:50 | array creation of type A[] : null [element] : A | provenance | |
| CollectionFlow.cs:509:42:509:48 | object creation of type A : A | CollectionFlow.cs:509:40:509:50 | { ..., ... } : null [element] : A | provenance | |
| CollectionFlow.cs:510:9:510:14 | access to local variable source : Span<T> [element] : A | CollectionFlow.cs:510:23:510:28 | [post] access to parameter target : Span<T> [element] : A | provenance | MaD:2647 |
| CollectionFlow.cs:510:9:510:14 | access to local variable source : Span<T> [element] : A | CollectionFlow.cs:510:23:510:28 | [post] access to parameter target : Span<T> [element] : A | provenance | MaD:20 |
| CollectionFlow.cs:510:23:510:28 | [post] access to parameter target : Span<T> [element] : A | CollectionFlow.cs:511:14:511:19 | access to parameter target : Span<T> [element] : A | provenance | |
| CollectionFlow.cs:511:14:511:19 | access to parameter target : Span<T> [element] : A | CollectionFlow.cs:511:14:511:22 | access to indexer | provenance | MaD:2649 |
| CollectionFlow.cs:511:14:511:19 | access to parameter target : Span<T> [element] : A | CollectionFlow.cs:511:14:511:22 | access to indexer | provenance | MaD:22 |
| CollectionFlow.cs:516:13:516:13 | access to local variable a : A | CollectionFlow.cs:517:60:517:60 | access to local variable a : A | provenance | |
| CollectionFlow.cs:516:17:516:23 | object creation of type A : A | CollectionFlow.cs:516:13:516:13 | access to local variable a : A | provenance | |
| CollectionFlow.cs:517:25:517:28 | access to local variable span : ReadOnlySpan<T> [element] : A | CollectionFlow.cs:518:14:518:17 | access to local variable span : ReadOnlySpan<T> [element] : A | provenance | |
| CollectionFlow.cs:517:32:517:63 | object creation of type ReadOnlySpan<A> : ReadOnlySpan<T> [element] : A | CollectionFlow.cs:517:25:517:28 | access to local variable span : ReadOnlySpan<T> [element] : A | provenance | |
| CollectionFlow.cs:517:52:517:62 | array creation of type A[] : null [element] : A | CollectionFlow.cs:517:32:517:63 | object creation of type ReadOnlySpan<A> : ReadOnlySpan<T> [element] : A | provenance | MaD:2642 |
| CollectionFlow.cs:517:52:517:62 | array creation of type A[] : null [element] : A | CollectionFlow.cs:517:32:517:63 | object creation of type ReadOnlySpan<A> : ReadOnlySpan<T> [element] : A | provenance | MaD:19 |
| CollectionFlow.cs:517:58:517:62 | { ..., ... } : null [element] : A | CollectionFlow.cs:517:52:517:62 | array creation of type A[] : null [element] : A | provenance | |
| CollectionFlow.cs:517:60:517:60 | access to local variable a : A | CollectionFlow.cs:517:58:517:62 | { ..., ... } : null [element] : A | provenance | |
| CollectionFlow.cs:518:14:518:17 | access to local variable span : ReadOnlySpan<T> [element] : A | CollectionFlow.cs:518:14:518:20 | access to indexer | provenance | MaD:2637 |
| CollectionFlow.cs:518:14:518:17 | access to local variable span : ReadOnlySpan<T> [element] : A | CollectionFlow.cs:518:14:518:20 | access to indexer | provenance | MaD:18 |
nodes
| CollectionFlow.cs:14:40:14:41 | ts : A[] [element] : A | semmle.label | ts : A[] [element] : A |
| CollectionFlow.cs:14:40:14:41 | ts : null [element] : A | semmle.label | ts : null [element] : A |

2
csharp/ql/test/library-tests/dataflow/collections/CollectionFlow.ql
View File

@@ -3,7 +3,7 @@
*/
import csharp
import ArrayFlow::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ArrayFlow::PathNode, ArrayFlow::PathGraph>
module ArrayFlowConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node src) { src.asExpr() instanceof ObjectCreation }

82
csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.expected
View File

@@ -1,101 +1,126 @@
invalidModelRow
models
| 1 | Summary: My.Qltest; D; false; StepArgRes; (System.Object); ; Argument[0]; ReturnValue; taint; manual |
| 2 | Summary: My.Qltest; D; false; StepArgArg; (System.Object,System.Object); ; Argument[0]; Argument[1]; taint; manual |
| 3 | Summary: My.Qltest; D; false; StepArgQual; (System.Object); ; Argument[0]; Argument[this]; taint; manual |
| 4 | Summary: My.Qltest; D; false; StepFieldGetter; (); ; Argument[this].Field[My.Qltest.D.Field]; ReturnValue; value; manual |
| 5 | Summary: My.Qltest; D; false; StepFieldSetter; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.D.Field]; value; manual |
| 6 | Summary: My.Qltest; D; false; StepFieldSetter; (System.Object); ; Argument[this]; ReturnValue.Field[My.Qltest.D.Field2]; value; manual |
| 7 | Summary: My.Qltest; D; false; StepPropertyGetter; (); ; Argument[this].Property[My.Qltest.D.Property]; ReturnValue; value; manual |
| 8 | Summary: My.Qltest; D; false; StepPropertySetter; (System.Object); ; Argument[0]; Argument[this].Property[My.Qltest.D.Property]; value; manual |
| 9 | Summary: My.Qltest; D; false; StepElementGetter; (); ; Argument[this].Element; ReturnValue; value; manual |
| 10 | Summary: My.Qltest; D; false; StepElementSetter; (System.Object); ; Argument[0]; Argument[this].Element; value; manual |
| 11 | Summary: My.Qltest; D; false; Apply<S,T>; (System.Func<S,T>,S); ; Argument[1]; Argument[0].Parameter[0]; value; manual |
| 12 | Summary: My.Qltest; D; false; Apply<S,T>; (System.Func<S,T>,S); ; Argument[0].ReturnValue; ReturnValue; value; manual |
| 13 | Summary: My.Qltest; D; false; Apply2; (System.Action<System.Object>,My.Qltest.D,My.Qltest.D); ; Argument[1].Field[My.Qltest.D.Field]; Argument[0].Parameter[0]; value; manual |
| 14 | Summary: My.Qltest; D; false; Map<S,T>; (S[],System.Func<S,T>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
| 15 | Summary: My.Qltest; D; false; Map<S,T>; (S[],System.Func<S,T>); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual |
| 16 | Summary: My.Qltest; D; false; Parse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual |
| 17 | Summary: My.Qltest; D; false; Reverse; (System.Object[]); ; Argument[0].WithElement; ReturnValue; value; manual |
| 18 | Summary: My.Qltest; E; true; get_MyProp; (); ; Argument[this].Field[My.Qltest.E.MyField]; ReturnValue; value; manual |
| 19 | Summary: My.Qltest; E; true; set_MyProp; (System.Object); ; Argument[0]; Argument[this].Field[My.Qltest.E.MyField]; value; manual |
| 20 | Summary: My.Qltest; Library; false; MixedFlowArgs; (System.Object,System.Object); ; Argument[1]; ReturnValue; value; manual |
| 21 | Summary: My.Qltest; Library; false; GeneratedFlowWithGeneratedNeutral; (System.Object); ; Argument[0]; ReturnValue; value; df-generated |
| 22 | Summary: My.Qltest; HE; false; ExtensionMethod; (My.Qltest.HI); ; Argument[0]; ReturnValue; value; manual |
| 23 | Summary: My.Qltest; I; false; GetFirst; (My.Qltest.MyInlineArray); ; Argument[0].Element; ReturnValue; value; manual |
| 24 | Summary: My.Qltest; J; false; get_Prop1; (); ; Argument[this]; ReturnValue; value; manual |
| 25 | Summary: My.Qltest; J; false; SetProp1; (System.Object); ; Argument[0]; Argument[this]; value; manual |
edges
| ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | provenance | |
| ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | provenance | |
| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | provenance | MaD:52966 |
| ExternalFlow.cs:10:29:10:32 | access to local variable arg1 : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | provenance | MaD:1 |
| ExternalFlow.cs:15:20:15:25 | access to local variable argIn1 : Object | ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | provenance | |
| ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:15:20:15:25 | access to local variable argIn1 : Object | provenance | |
| ExternalFlow.cs:16:20:16:26 | access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | provenance | |
| ExternalFlow.cs:16:30:16:41 | object creation of type Object : Object | ExternalFlow.cs:16:20:16:26 | access to local variable argOut1 : Object | provenance | |
| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | provenance | MaD:52967 |
| ExternalFlow.cs:17:24:17:29 | access to local variable argIn1 : Object | ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | provenance | MaD:2 |
| ExternalFlow.cs:17:32:17:38 | [post] access to local variable argOut1 : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | provenance | |
| ExternalFlow.cs:23:20:23:23 | access to local variable arg2 : Object | ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | provenance | |
| ExternalFlow.cs:23:27:23:38 | object creation of type Object : Object | ExternalFlow.cs:23:20:23:23 | access to local variable arg2 : Object | provenance | |
| ExternalFlow.cs:24:13:24:29 | [post] this access : D | ExternalFlow.cs:25:18:25:21 | this access | provenance | |
| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D | provenance | MaD:52968 |
| ExternalFlow.cs:24:25:24:28 | access to local variable arg2 : Object | ExternalFlow.cs:24:13:24:29 | [post] this access : D | provenance | MaD:3 |
| ExternalFlow.cs:30:13:30:16 | [post] this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | provenance | |
| ExternalFlow.cs:30:26:30:37 | object creation of type Object : Object | ExternalFlow.cs:30:13:30:16 | [post] this access : D [field Field] : Object | provenance | |
| ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | provenance | MaD:52969 |
| ExternalFlow.cs:31:18:31:21 | this access : D [field Field] : Object | ExternalFlow.cs:31:18:31:39 | call to method StepFieldGetter | provenance | MaD:4 |
| ExternalFlow.cs:36:19:36:62 | (...) ... : D [field Field] : Object | ExternalFlow.cs:36:18:36:69 | access to field Field | provenance | |
| ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | ExternalFlow.cs:37:18:37:21 | this access : D [field Field] : Object | provenance | |
| ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | ExternalFlow.cs:36:22:36:62 | access to field Field2 : Object [field Field] : Object | provenance | |
| ExternalFlow.cs:36:22:36:62 | access to field Field2 : Object [field Field] : Object | ExternalFlow.cs:36:19:36:62 | (...) ... : D [field Field] : Object | provenance | |
| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | provenance | MaD:52970 |
| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | provenance | MaD:52970+MaD:52971 |
| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:25 | [post] this access : D [field Field] : Object | provenance | MaD:5 |
| ExternalFlow.cs:36:43:36:54 | object creation of type Object : Object | ExternalFlow.cs:36:22:36:55 | call to method StepFieldSetter : D [field Field2, field Field] : Object | provenance | MaD:5+MaD:6 |
| ExternalFlow.cs:37:18:37:21 | this access : D [field Field] : Object | ExternalFlow.cs:37:18:37:27 | access to field Field | provenance | |
| ExternalFlow.cs:42:13:42:16 | [post] this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | provenance | |
| ExternalFlow.cs:42:29:42:40 | object creation of type Object : Object | ExternalFlow.cs:42:13:42:16 | [post] this access : D [property Property] : Object | provenance | |
| ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | provenance | MaD:52972 |
| ExternalFlow.cs:43:18:43:21 | this access : D [property Property] : Object | ExternalFlow.cs:43:18:43:42 | call to method StepPropertyGetter | provenance | MaD:7 |
| ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | ExternalFlow.cs:49:18:49:21 | this access : D [property Property] : Object | provenance | |
| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | provenance | MaD:52973 |
| ExternalFlow.cs:48:37:48:48 | object creation of type Object : Object | ExternalFlow.cs:48:13:48:16 | [post] this access : D [property Property] : Object | provenance | MaD:8 |
| ExternalFlow.cs:49:18:49:21 | this access : D [property Property] : Object | ExternalFlow.cs:49:18:49:30 | access to property Property | provenance | |
| ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | provenance | |
| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | provenance | MaD:52975 |
| ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | provenance | MaD:52974 |
| ExternalFlow.cs:54:36:54:47 | object creation of type Object : Object | ExternalFlow.cs:54:13:54:16 | [post] this access : D [element] : Object | provenance | MaD:10 |
| ExternalFlow.cs:55:18:55:21 | this access : D [element] : Object | ExternalFlow.cs:55:18:55:41 | call to method StepElementGetter | provenance | MaD:9 |
| ExternalFlow.cs:60:35:60:35 | o : Object | ExternalFlow.cs:60:47:60:47 | access to parameter o | provenance | |
| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:35:60:35 | o : Object | provenance | MaD:52976 |
| ExternalFlow.cs:60:64:60:75 | object creation of type Object : Object | ExternalFlow.cs:60:35:60:35 | o : Object | provenance | MaD:11 |
| ExternalFlow.cs:65:17:65:17 | access to local variable o : Object | ExternalFlow.cs:66:18:66:18 | access to local variable o | provenance | |
| ExternalFlow.cs:65:21:65:60 | call to method Apply<Int32,Object> : Object | ExternalFlow.cs:65:17:65:17 | access to local variable o : Object | provenance | |
| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply<Int32,Object> : Object | provenance | MaD:52977 |
| ExternalFlow.cs:65:45:65:56 | object creation of type Object : Object | ExternalFlow.cs:65:21:65:60 | call to method Apply<Int32,Object> : Object | provenance | MaD:12 |
| ExternalFlow.cs:71:17:71:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | provenance | |
| ExternalFlow.cs:71:30:71:45 | { ..., ... } : null [element] : Object | ExternalFlow.cs:71:17:71:20 | access to local variable objs : null [element] : Object | provenance | |
| ExternalFlow.cs:71:32:71:43 | object creation of type Object : Object | ExternalFlow.cs:71:30:71:45 | { ..., ... } : null [element] : Object | provenance | |
| ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object | provenance | MaD:52980 |
| ExternalFlow.cs:72:17:72:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:72:23:72:23 | o : Object | provenance | MaD:14 |
| ExternalFlow.cs:72:23:72:23 | o : Object | ExternalFlow.cs:72:35:72:35 | access to parameter o | provenance | |
| ExternalFlow.cs:77:17:77:20 | access to local variable objs : T[] [element] : Object | ExternalFlow.cs:78:18:78:21 | access to local variable objs : T[] [element] : Object | provenance | |
| ExternalFlow.cs:77:24:77:58 | call to method Map<Int32,Object> : T[] [element] : Object | ExternalFlow.cs:77:17:77:20 | access to local variable objs : T[] [element] : Object | provenance | |
| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map<Int32,Object> : T[] [element] : Object | provenance | MaD:52981 |
| ExternalFlow.cs:77:46:77:57 | object creation of type Object : Object | ExternalFlow.cs:77:24:77:58 | call to method Map<Int32,Object> : T[] [element] : Object | provenance | MaD:15 |
| ExternalFlow.cs:78:18:78:21 | access to local variable objs : T[] [element] : Object | ExternalFlow.cs:78:18:78:24 | access to array element | provenance | |
| ExternalFlow.cs:83:17:83:20 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | provenance | |
| ExternalFlow.cs:83:30:83:45 | { ..., ... } : null [element] : Object | ExternalFlow.cs:83:17:83:20 | access to local variable objs : null [element] : Object | provenance | |
| ExternalFlow.cs:83:32:83:43 | object creation of type Object : Object | ExternalFlow.cs:83:30:83:45 | { ..., ... } : null [element] : Object | provenance | |
| ExternalFlow.cs:84:17:84:21 | access to local variable objs2 : T[] [element] : Object | ExternalFlow.cs:85:18:85:22 | access to local variable objs2 : T[] [element] : Object | provenance | |
| ExternalFlow.cs:84:25:84:41 | call to method Map<Object,Object> : T[] [element] : Object | ExternalFlow.cs:84:17:84:21 | access to local variable objs2 : T[] [element] : Object | provenance | |
| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map<Object,Object> : T[] [element] : Object | provenance | MaD:52980 |
| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | provenance | MaD:52980 |
| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:25:84:41 | call to method Map<Object,Object> : T[] [element] : Object | provenance | MaD:14 |
| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | provenance | MaD:14 |
| ExternalFlow.cs:84:35:84:35 | o : Object | ExternalFlow.cs:84:40:84:40 | access to parameter o : Object | provenance | |
| ExternalFlow.cs:85:18:85:22 | access to local variable objs2 : T[] [element] : Object | ExternalFlow.cs:85:18:85:25 | access to array element | provenance | |
| ExternalFlow.cs:90:17:90:17 | access to local variable s : String | ExternalFlow.cs:91:19:91:19 | access to local variable s : String | provenance | |
| ExternalFlow.cs:90:21:90:34 | object creation of type String : String | ExternalFlow.cs:90:17:90:17 | access to local variable s : String | provenance | |
| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | provenance | MaD:52982 |
| ExternalFlow.cs:91:19:91:19 | access to local variable s : String | ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | provenance | MaD:16 |
| ExternalFlow.cs:91:30:91:30 | Int32 i : Int32 | ExternalFlow.cs:92:18:92:18 | (...) ... | provenance | |
| ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | provenance | |
| ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:104:18:104:19 | access to local variable d1 : D [field Field] : Object | provenance | |
| ExternalFlow.cs:98:24:98:35 | object creation of type Object : Object | ExternalFlow.cs:98:13:98:14 | [post] access to local variable d1 : D [field Field] : Object | provenance | |
| ExternalFlow.cs:100:20:100:20 | d : Object | ExternalFlow.cs:102:22:102:22 | access to parameter d | provenance | |
| ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:100:20:100:20 | d : Object | provenance | MaD:52978 |
| ExternalFlow.cs:103:16:103:17 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:100:20:100:20 | d : Object | provenance | MaD:13 |
| ExternalFlow.cs:104:18:104:19 | access to local variable d1 : D [field Field] : Object | ExternalFlow.cs:104:18:104:25 | access to field Field | provenance | |
| ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | provenance | |
| ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | provenance | MaD:52985 |
| ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | provenance | MaD:52984 |
| ExternalFlow.cs:111:24:111:35 | object creation of type Object : Object | ExternalFlow.cs:111:13:111:13 | [post] access to local variable f : F [field MyField] : Object | provenance | MaD:19 |
| ExternalFlow.cs:112:18:112:18 | access to local variable f : F [field MyField] : Object | ExternalFlow.cs:112:18:112:25 | access to property MyProp | provenance | MaD:18 |
| ExternalFlow.cs:117:17:117:17 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | provenance | |
| ExternalFlow.cs:117:34:117:49 | { ..., ... } : null [element] : Object | ExternalFlow.cs:117:17:117:17 | access to local variable a : null [element] : Object | provenance | |
| ExternalFlow.cs:117:36:117:47 | object creation of type Object : Object | ExternalFlow.cs:117:34:117:49 | { ..., ... } : null [element] : Object | provenance | |
| ExternalFlow.cs:118:17:118:17 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | provenance | |
| ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | ExternalFlow.cs:118:17:118:17 | access to local variable b : null [element] : Object | provenance | |
| ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | provenance | MaD:52983 |
| ExternalFlow.cs:118:29:118:29 | access to local variable a : null [element] : Object | ExternalFlow.cs:118:21:118:30 | call to method Reverse : null [element] : Object | provenance | MaD:17 |
| ExternalFlow.cs:120:18:120:18 | access to local variable b : null [element] : Object | ExternalFlow.cs:120:18:120:21 | access to array element | provenance | |
| ExternalFlow.cs:205:17:205:18 | access to local variable o2 : Object | ExternalFlow.cs:206:46:206:47 | access to local variable o2 : Object | provenance | |
| ExternalFlow.cs:205:22:205:33 | object creation of type Object : Object | ExternalFlow.cs:205:17:205:18 | access to local variable o2 : Object | provenance | |
| ExternalFlow.cs:206:46:206:47 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:48 | call to method MixedFlowArgs | provenance | MaD:52990 |
| ExternalFlow.cs:206:46:206:47 | access to local variable o2 : Object | ExternalFlow.cs:206:18:206:48 | call to method MixedFlowArgs | provenance | MaD:20 |
| ExternalFlow.cs:211:17:211:18 | access to local variable o1 : Object | ExternalFlow.cs:212:60:212:61 | access to local variable o1 : Object | provenance | |
| ExternalFlow.cs:211:22:211:33 | object creation of type Object : Object | ExternalFlow.cs:211:17:211:18 | access to local variable o1 : Object | provenance | |
| ExternalFlow.cs:212:60:212:61 | access to local variable o1 : Object | ExternalFlow.cs:212:18:212:62 | call to method GeneratedFlowWithGeneratedNeutral | provenance | MaD:52991 |
| ExternalFlow.cs:212:60:212:61 | access to local variable o1 : Object | ExternalFlow.cs:212:18:212:62 | call to method GeneratedFlowWithGeneratedNeutral | provenance | MaD:21 |
| ExternalFlow.cs:238:17:238:17 | access to local variable h : HC | ExternalFlow.cs:239:21:239:21 | access to local variable h : HC | provenance | |
| ExternalFlow.cs:238:21:238:28 | object creation of type HC : HC | ExternalFlow.cs:238:17:238:17 | access to local variable h : HC | provenance | |
| ExternalFlow.cs:239:17:239:17 | access to local variable o : HC | ExternalFlow.cs:240:18:240:18 | access to local variable o | provenance | |
| ExternalFlow.cs:239:21:239:21 | access to local variable h : HC | ExternalFlow.cs:239:21:239:39 | call to method ExtensionMethod : HC | provenance | MaD:52993 |
| ExternalFlow.cs:239:21:239:21 | access to local variable h : HC | ExternalFlow.cs:239:21:239:39 | call to method ExtensionMethod : HC | provenance | MaD:22 |
| ExternalFlow.cs:239:21:239:39 | call to method ExtensionMethod : HC | ExternalFlow.cs:239:17:239:17 | access to local variable o : HC | provenance | |
| ExternalFlow.cs:256:13:256:13 | [post] access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:257:30:257:30 | access to parameter a : MyInlineArray [element] : Object | provenance | |
| ExternalFlow.cs:256:20:256:31 | object creation of type Object : Object | ExternalFlow.cs:256:13:256:13 | [post] access to parameter a : MyInlineArray [element] : Object | provenance | |
| ExternalFlow.cs:257:17:257:17 | access to local variable b : Object | ExternalFlow.cs:258:18:258:18 | access to local variable b | provenance | |
| ExternalFlow.cs:257:21:257:31 | call to method GetFirst : Object | ExternalFlow.cs:257:17:257:17 | access to local variable b : Object | provenance | |
| ExternalFlow.cs:257:30:257:30 | access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:257:21:257:31 | call to method GetFirst : Object | provenance | MaD:52994 |
| ExternalFlow.cs:257:30:257:30 | access to parameter a : MyInlineArray [element] : Object | ExternalFlow.cs:257:21:257:31 | call to method GetFirst : Object | provenance | MaD:23 |
| ExternalFlow.cs:278:17:278:17 | access to local variable j : Object | ExternalFlow.cs:279:22:279:22 | access to local variable j : Object | provenance | |
| ExternalFlow.cs:278:21:278:32 | object creation of type Object : Object | ExternalFlow.cs:278:17:278:17 | access to local variable j : Object | provenance | |
| ExternalFlow.cs:279:13:279:23 | [post] this access : J | ExternalFlow.cs:281:18:281:21 | this access : J | provenance | |
| ExternalFlow.cs:279:22:279:22 | access to local variable j : Object | ExternalFlow.cs:279:13:279:23 | [post] this access : J | provenance | MaD:52996 |
| ExternalFlow.cs:281:18:281:21 | this access : J | ExternalFlow.cs:281:18:281:27 | access to property Prop1 | provenance | MaD:52995 |
| ExternalFlow.cs:279:22:279:22 | access to local variable j : Object | ExternalFlow.cs:279:13:279:23 | [post] this access : J | provenance | MaD:25 |
| ExternalFlow.cs:281:18:281:21 | this access : J | ExternalFlow.cs:281:18:281:27 | access to property Prop1 | provenance | MaD:24 |
nodes
| ExternalFlow.cs:9:20:9:23 | access to local variable arg1 : Object | semmle.label | access to local variable arg1 : Object |
| ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | semmle.label | object creation of type Object : Object |
@@ -217,6 +242,7 @@ nodes
| ExternalFlow.cs:281:18:281:27 | access to property Prop1 | semmle.label | access to property Prop1 |
subpaths
| ExternalFlow.cs:84:29:84:32 | access to local variable objs : null [element] : Object | ExternalFlow.cs:84:35:84:35 | o : Object | ExternalFlow.cs:84:40:84:40 | access to parameter o : Object | ExternalFlow.cs:84:25:84:41 | call to method Map<Object,Object> : T[] [element] : Object |
invalidModelRow
#select
| ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | ExternalFlow.cs:10:18:10:33 | call to method StepArgRes | $@ | ExternalFlow.cs:9:27:9:38 | object creation of type Object : Object | object creation of type Object : Object |
| ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | ExternalFlow.cs:18:18:18:24 | access to local variable argOut1 | $@ | ExternalFlow.cs:15:29:15:40 | object creation of type Object : Object | object creation of type Object : Object |

2
csharp/ql/test/library-tests/dataflow/external-models/ExternalFlow.ql
View File

@@ -4,7 +4,7 @@
import csharp
import semmle.code.csharp.dataflow.internal.ExternalFlow
import Taint::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<Taint::PathNode, Taint::PathGraph>
import ModelValidation
module TaintConfig implements DataFlow::ConfigSig {

83
csharp/ql/test/library-tests/dataflow/global/DataFlowPath.expected
View File

@@ -1,3 +1,18 @@
models
| 1 | Summary: System.Collections.Generic; List<T>; false; ForEach; (System.Action<T>); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual |
| 2 | Summary: System.Linq; Enumerable; false; First<TSource>; (System.Collections.Generic.IEnumerable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
| 3 | Summary: System.Linq; Enumerable; false; Select<TSource,TResult>; (System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
| 4 | Summary: System.Linq; Enumerable; false; Select<TSource,TResult>; (System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual |
| 5 | Summary: System.Linq; Enumerable; false; Zip<TFirst,TSecond,TResult>; (System.Collections.Generic.IEnumerable<TFirst>,System.Collections.Generic.IEnumerable<TSecond>,System.Func<TFirst,TSecond,TResult>); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual |
| 6 | Summary: System.Linq; Enumerable; false; Zip<TFirst,TSecond,TResult>; (System.Collections.Generic.IEnumerable<TFirst>,System.Collections.Generic.IEnumerable<TSecond>,System.Func<TFirst,TSecond,TResult>); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual |
| 7 | Summary: System.Linq; Queryable; false; AsQueryable<TElement>; (System.Collections.Generic.IEnumerable<TElement>); ; Argument[0].Element; ReturnValue.Element; value; manual |
| 8 | Summary: System.Linq; Queryable; false; First<TSource>; (System.Linq.IQueryable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
| 9 | Summary: System.Linq; Queryable; false; Select<TSource,TResult>; (System.Linq.IQueryable<TSource>,System.Linq.Expressions.Expression<System.Func<TSource,TResult>>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
| 10 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual |
| 11 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual |
| 12 | Summary: System.Threading.Tasks; Task; false; Run<TResult>; (System.Func<TResult>); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual |
| 13 | Summary: System.Threading.Tasks; Task<TResult>; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual |
| 14 | Summary: System; Lazy<T>; false; Lazy; (System.Func<T>); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual |
edges
| Capture.cs:7:20:7:26 | tainted : String | Capture.cs:14:9:14:18 | access to local function CaptureIn1 : CaptureIn1 [captured tainted] : String | provenance | |
| Capture.cs:7:20:7:26 | tainted : String | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | provenance | |
@@ -12,8 +27,8 @@ edges
| Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | Capture.cs:23:13:23:13 | access to local function M : M [captured tainted] : String | provenance | |
| Capture.cs:29:17:29:22 | access to local variable sink29 : String | Capture.cs:30:19:30:24 | access to local variable sink29 | provenance | |
| Capture.cs:29:26:29:32 | access to parameter tainted : String | Capture.cs:29:17:29:22 | access to local variable sink29 : String | provenance | |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1307 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1308 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:3 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:4 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | heuristic-callback |
| Capture.cs:50:50:50:55 | sink39 : String | Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | provenance | |
| Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | Capture.cs:350:34:350:34 | a : (...) => ... [captured sink39] : String | provenance | |
@@ -45,11 +60,11 @@ edges
| Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:144:13:144:13 | access to local function M : M [captured tainted] : String | provenance | |
| Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:146:9:146:23 | [post] access to local function CaptureThrough2 : CaptureThrough2 [captured sink34] : String | provenance | |
| Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | Capture.cs:156:15:156:20 | access to local variable sink35 | provenance | |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1307 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1308 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:3 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:4 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | heuristic-callback |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1307 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1308 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:3 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:4 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | heuristic-callback |
| Capture.cs:162:13:162:18 | access to local variable sink36 : String | Capture.cs:163:15:163:20 | access to local variable sink36 | provenance | |
| Capture.cs:162:22:162:36 | access to local function CaptureThrough4 : CaptureThrough4 [captured tainted] : String | Capture.cs:160:20:160:26 | access to parameter tainted : String | provenance | |
@@ -78,7 +93,7 @@ edges
| Capture.cs:223:31:223:44 | "taint source" : String | Capture.cs:223:28:223:45 | call to method M3 : (...) => ... [captured s] : String | provenance | |
| Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | provenance | |
| Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | |
| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | MaD:633 |
| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | MaD:1 |
| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | heuristic-callback |
| Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | |
| Capture.cs:232:17:232:30 | "taint source" : String | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | provenance | |
@@ -239,7 +254,7 @@ edges
| GlobalDataFlow.cs:79:30:79:34 | access to local variable sink3 : String | GlobalDataFlow.cs:139:29:139:33 | access to local variable sink3 : String | provenance | |
| GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:82:15:82:20 | access to local variable sink13 | provenance | |
| GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | provenance | |
| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:81:22:81:93 | call to method First<String> : String | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | provenance | |
| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven<String,String> : IEnumerable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | provenance | |
@@ -248,26 +263,26 @@ edges
| GlobalDataFlow.cs:81:79:81:79 | x : String | GlobalDataFlow.cs:81:84:81:84 | access to parameter x : String | provenance | |
| GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:84:15:84:20 | access to local variable sink14 | provenance | |
| GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | provenance | |
| GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:83:22:83:95 | call to method First<String> : String | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | provenance | |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:3 |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | MaD:3 |
| GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:86:15:86:20 | access to local variable sink15 | provenance | |
| GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | provenance | |
| GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:85:22:85:136 | call to method First<String> : String | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | provenance | |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:1385 |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | MaD:1385 |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:5 |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | MaD:5 |
| GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:85:118:85:118 | x : String | GlobalDataFlow.cs:85:127:85:127 | access to parameter x : String | provenance | |
| GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | GlobalDataFlow.cs:88:15:88:20 | access to local variable sink16 | provenance | |
| GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:87:22:87:136 | call to method First<String> : String | GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | provenance | |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:1386 |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | MaD:1386 |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:6 |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | MaD:6 |
| GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:87:121:87:121 | y : String | GlobalDataFlow.cs:87:127:87:127 | access to parameter y : String | provenance | |
@@ -288,7 +303,7 @@ edges
| GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | GlobalDataFlow.cs:161:15:161:19 | access to local variable sink7 | provenance | |
| GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | GlobalDataFlow.cs:164:15:164:19 | access to local variable sink8 | provenance | |
| GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | GlobalDataFlow.cs:166:15:166:20 | access to local variable sink12 | provenance | |
| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable<String> [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable<String> [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:165:22:165:39 | call to method First<String> : String | GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | provenance | |
| GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | GlobalDataFlow.cs:168:15:168:20 | access to local variable sink23 | provenance | |
| GlobalDataFlow.cs:167:22:167:43 | call to method TaintedParam : String | GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | provenance | |
@@ -303,7 +318,7 @@ edges
| GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable<String> : IQueryable<T> [element] : String | provenance | MaD:1654 |
| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable<String> : IQueryable<T> [element] : String | provenance | MaD:7 |
| GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable<String> : IQueryable<T> [element] : String | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | provenance | |
| GlobalDataFlow.cs:211:46:211:59 | "taint source" : String | GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | provenance | |
@@ -313,24 +328,24 @@ edges
| GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:215:76:215:90 | call to method ReturnCheck2<String> : String | provenance | |
| GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:321:32:321:41 | sinkParam9 : String | provenance | |
| GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | GlobalDataFlow.cs:217:15:217:20 | access to local variable sink24 | provenance | |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | MaD:3 |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:3 |
| GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:216:22:216:47 | call to method First<String> : String | GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | provenance | |
| GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | GlobalDataFlow.cs:219:15:219:20 | access to local variable sink25 | provenance | |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | MaD:1751 |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | provenance | MaD:1751 |
| GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First<String> : String | provenance | MaD:1678 |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | MaD:9 |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | provenance | MaD:9 |
| GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First<String> : String | provenance | MaD:8 |
| GlobalDataFlow.cs:218:22:218:47 | call to method First<String> : String | GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | provenance | |
| GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | GlobalDataFlow.cs:221:15:221:20 | access to local variable sink26 | provenance | |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:3 |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | MaD:3 |
| GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First<String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:220:22:220:57 | call to method First<String> : String | GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | provenance | |
| GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:244:28:244:31 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:241:20:241:49 | call to method Run<String> : Task<T> [property Result] : String | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:2005 |
| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:12 |
| GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | GlobalDataFlow.cs:243:15:243:20 | access to local variable sink41 | provenance | |
| GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | provenance | |
| GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | provenance | |
@@ -361,7 +376,7 @@ edges
| GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | provenance | |
| GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:330:16:330:26 | access to parameter sinkParam11 : String | provenance | |
| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:157:21:157:25 | call to method Out : String | provenance | |
| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy<String> : Lazy<T> [property Value] : String | provenance | MaD:2623 |
| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy<String> : Lazy<T> [property Value] : String | provenance | MaD:14 |
| GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | provenance | |
| GlobalDataFlow.cs:346:13:346:26 | "taint source" : String | GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | provenance | |
| GlobalDataFlow.cs:351:9:351:9 | access to parameter x : String | GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | provenance | |
@@ -392,15 +407,15 @@ edges
| GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | provenance | |
| GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:457:20:457:49 | call to method Run<String> : Task<T> [property Result] : String | GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:2005 |
| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:12 |
| GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:2017 |
| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:13 |
| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:1833 |
| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:10 |
| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | provenance | |
| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:1834 |
| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:11 |
| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | provenance | |
| GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | provenance | |
| GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | |

2
csharp/ql/test/library-tests/dataflow/global/DataFlowPath.ql
View File

@@ -4,7 +4,7 @@
import csharp
import Common
import Flow::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<Flow::PathNode, Flow::PathGraph>
from Flow::PathNode source, Flow::PathNode sink, string s
where

125
csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.expected
View File

@@ -1,3 +1,28 @@
models
| 1 | Summary: System.Collections.Generic; List<T>; false; ForEach; (System.Action<T>); ; Argument[this].Element; Argument[0].Parameter[0]; value; manual |
| 2 | Summary: System.Linq; Enumerable; false; Aggregate<TSource,TAccumulate,TResult>; (System.Collections.Generic.IEnumerable<TSource>,TAccumulate,System.Func<TAccumulate,TSource,TAccumulate>,System.Func<TAccumulate,TResult>); ; Argument[0].Element; Argument[2].Parameter[1]; value; manual |
| 3 | Summary: System.Linq; Enumerable; false; Aggregate<TSource,TAccumulate,TResult>; (System.Collections.Generic.IEnumerable<TSource>,TAccumulate,System.Func<TAccumulate,TSource,TAccumulate>,System.Func<TAccumulate,TResult>); ; Argument[1]; Argument[2].Parameter[0]; value; manual |
| 4 | Summary: System.Linq; Enumerable; false; First<TSource>; (System.Collections.Generic.IEnumerable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
| 5 | Summary: System.Linq; Enumerable; false; Select<TSource,TResult>; (System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
| 6 | Summary: System.Linq; Enumerable; false; Select<TSource,TResult>; (System.Collections.Generic.IEnumerable<TSource>,System.Func<TSource,TResult>); ; Argument[1].ReturnValue; ReturnValue.Element; value; manual |
| 7 | Summary: System.Linq; Enumerable; false; Zip<TFirst,TSecond,TResult>; (System.Collections.Generic.IEnumerable<TFirst>,System.Collections.Generic.IEnumerable<TSecond>,System.Func<TFirst,TSecond,TResult>); ; Argument[0].Element; Argument[2].Parameter[0]; value; manual |
| 8 | Summary: System.Linq; Enumerable; false; Zip<TFirst,TSecond,TResult>; (System.Collections.Generic.IEnumerable<TFirst>,System.Collections.Generic.IEnumerable<TSecond>,System.Func<TFirst,TSecond,TResult>); ; Argument[1].Element; Argument[2].Parameter[1]; value; manual |
| 9 | Summary: System.Linq; Queryable; false; AsQueryable<TElement>; (System.Collections.Generic.IEnumerable<TElement>); ; Argument[0].Element; ReturnValue.Element; value; manual |
| 10 | Summary: System.Linq; Queryable; false; First<TSource>; (System.Linq.IQueryable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
| 11 | Summary: System.Linq; Queryable; false; Select<TSource,TResult>; (System.Linq.IQueryable<TSource>,System.Linq.Expressions.Expression<System.Func<TSource,TResult>>); ; Argument[0].Element; Argument[1].Parameter[0]; value; manual |
| 12 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>; false; GetAwaiter; (); ; Argument[this].SyntheticField[m_configuredTaskAwaiter]; ReturnValue; value; manual |
| 13 | Summary: System.Runtime.CompilerServices; ConfiguredTaskAwaitable<TResult>+ConfiguredTaskAwaiter; false; GetResult; (); ; Argument[this].SyntheticField[m_task_configured_task_awaitable].Property[System.Threading.Tasks.Task`1.Result]; ReturnValue; value; manual |
| 14 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual |
| 15 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder); ; Argument[0]; Argument[this]; taint; manual |
| 16 | Summary: System.Text; StringBuilder; false; Append; (System.Text.StringBuilder+AppendInterpolatedStringHandler); ; Argument[0]; Argument[this]; taint; manual |
| 17 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
| 18 | Summary: System.Threading.Tasks; Task; false; Run<TResult>; (System.Func<TResult>); ; Argument[0].ReturnValue; ReturnValue.Property[System.Threading.Tasks.Task`1.Result]; value; manual |
| 19 | Summary: System.Threading.Tasks; Task<TResult>; false; ConfigureAwait; (System.Boolean); ; Argument[this]; ReturnValue.SyntheticField[m_configuredTaskAwaiter].SyntheticField[m_task_configured_task_awaitable]; value; manual |
| 20 | Summary: System; Boolean; false; TryParse; (System.String,System.Boolean); ; Argument[0]; Argument[1]; taint; manual |
| 21 | Summary: System; Int32; false; TryParse; (System.String,System.Globalization.NumberStyles,System.IFormatProvider,System.Int32); ; Argument[0]; Argument[3]; taint; manual |
| 22 | Summary: System; Int32; false; TryParse; (System.String,System.Int32); ; Argument[0]; Argument[1]; taint; manual |
| 23 | Summary: System; Lazy<T>; false; Lazy; (System.Func<T>); ; Argument[0].ReturnValue; Argument[this].Property[System.Lazy`1.Value]; value; manual |
| 24 | Summary: System; String; false; Join; (System.String,System.String[]); ; Argument[1].Element; ReturnValue; taint; manual |
edges
| Capture.cs:7:20:7:26 | tainted : String | Capture.cs:14:9:14:18 | access to local function CaptureIn1 : CaptureIn1 [captured tainted] : String | provenance | |
| Capture.cs:7:20:7:26 | tainted : String | Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | provenance | |
@@ -12,8 +37,8 @@ edges
| Capture.cs:25:9:25:18 | access to local function CaptureIn2 : CaptureIn2 [captured tainted] : String | Capture.cs:23:13:23:13 | access to local function M : M [captured tainted] : String | provenance | |
| Capture.cs:29:17:29:22 | access to local variable sink29 : String | Capture.cs:30:19:30:24 | access to local variable sink29 | provenance | |
| Capture.cs:29:26:29:32 | access to parameter tainted : String | Capture.cs:29:17:29:22 | access to local variable sink29 : String | provenance | |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1307 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:1308 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:5 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | MaD:6 |
| Capture.cs:33:30:33:39 | access to local variable captureIn3 : Func<String,String> [captured tainted] : String | Capture.cs:29:26:29:32 | access to parameter tainted : String | provenance | heuristic-callback |
| Capture.cs:50:50:50:55 | sink39 : String | Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | provenance | |
| Capture.cs:52:23:59:13 | (...) => ... : (...) => ... [captured sink39] : String | Capture.cs:350:34:350:34 | a : (...) => ... [captured sink39] : String | provenance | |
@@ -45,11 +70,11 @@ edges
| Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:144:13:144:13 | access to local function M : M [captured tainted] : String | provenance | |
| Capture.cs:146:9:146:23 | access to local function CaptureThrough2 : CaptureThrough2 [captured tainted] : String | Capture.cs:146:9:146:23 | [post] access to local function CaptureThrough2 : CaptureThrough2 [captured sink34] : String | provenance | |
| Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | Capture.cs:156:15:156:20 | access to local variable sink35 | provenance | |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1307 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:1308 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:5 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | MaD:6 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:152:22:152:28 | access to parameter tainted : String | provenance | heuristic-callback |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1307 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:1308 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:5 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | MaD:6 |
| Capture.cs:155:30:155:44 | access to local variable captureThrough3 : Func<String,String> [captured tainted] : String | Capture.cs:155:30:155:44 | [post] access to local variable captureThrough3 : (...) => ... [captured sink35] : String | provenance | heuristic-callback |
| Capture.cs:162:13:162:18 | access to local variable sink36 : String | Capture.cs:163:15:163:20 | access to local variable sink36 | provenance | |
| Capture.cs:162:22:162:36 | access to local function CaptureThrough4 : CaptureThrough4 [captured tainted] : String | Capture.cs:160:20:160:26 | access to parameter tainted : String | provenance | |
@@ -78,7 +103,7 @@ edges
| Capture.cs:223:31:223:44 | "taint source" : String | Capture.cs:223:28:223:45 | call to method M3 : (...) => ... [captured s] : String | provenance | |
| Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | provenance | |
| Capture.cs:228:17:228:30 | "taint source" : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | |
| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | MaD:633 |
| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | MaD:1 |
| Capture.cs:229:20:233:9 | (...) => ... : (...) => ... [captured x] : String | Capture.cs:231:19:231:19 | access to local variable x | provenance | heuristic-callback |
| Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | Capture.cs:234:15:234:15 | access to local variable x | provenance | |
| Capture.cs:232:17:232:30 | "taint source" : String | Capture.cs:229:20:233:9 | [post] (...) => ... : (...) => ... [captured x] : String | provenance | |
@@ -239,7 +264,7 @@ edges
| GlobalDataFlow.cs:79:30:79:34 | access to local variable sink3 : String | GlobalDataFlow.cs:139:29:139:33 | access to local variable sink3 : String | provenance | |
| GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:82:15:82:20 | access to local variable sink13 | provenance | |
| GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | provenance | |
| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:81:22:81:93 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:81:22:81:93 | call to method First<String> : String | GlobalDataFlow.cs:81:13:81:18 | access to local variable sink13 : String | provenance | |
| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:81:22:81:85 | call to method SelectEven<String,String> : IEnumerable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:81:23:81:65 | (...) ... : null [element] : String | GlobalDataFlow.cs:553:71:553:71 | e : null [element] : String | provenance | |
@@ -250,32 +275,32 @@ edges
| GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | provenance | |
| GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:89:59:89:64 | access to local variable sink14 : String | provenance | |
| GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | GlobalDataFlow.cs:91:75:91:80 | access to local variable sink14 : String | provenance | |
| GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:83:22:83:95 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:83:22:83:95 | call to method First<String> : String | GlobalDataFlow.cs:83:13:83:18 | access to local variable sink14 : String | provenance | |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:83:22:83:87 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:5 |
| GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:315:31:315:40 | sinkParam8 : String | provenance | MaD:5 |
| GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:83:23:83:66 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:83:59:83:64 | access to local variable sink13 : String | GlobalDataFlow.cs:83:57:83:66 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:86:15:86:20 | access to local variable sink15 | provenance | |
| GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | provenance | |
| GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:85:22:85:136 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:85:22:85:136 | call to method First<String> : String | GlobalDataFlow.cs:85:13:85:18 | access to local variable sink15 : String | provenance | |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:1385 |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | MaD:1385 |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:22:85:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:7 |
| GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:85:118:85:118 | x : String | provenance | MaD:7 |
| GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:85:23:85:66 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:85:59:85:64 | access to local variable sink14 : String | GlobalDataFlow.cs:85:57:85:66 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:85:118:85:118 | x : String | GlobalDataFlow.cs:85:127:85:127 | access to parameter x : String | provenance | |
| GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | GlobalDataFlow.cs:88:15:88:20 | access to local variable sink16 | provenance | |
| GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:87:22:87:136 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:87:22:87:136 | call to method First<String> : String | GlobalDataFlow.cs:87:13:87:18 | access to local variable sink16 : String | provenance | |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:1386 |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | MaD:1386 |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:22:87:128 | call to method Zip<String,String,String> : IEnumerable<T> [element] : String | provenance | MaD:8 |
| GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | GlobalDataFlow.cs:87:121:87:121 | y : String | provenance | MaD:8 |
| GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:87:70:87:113 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:87:106:87:111 | access to local variable sink15 : String | GlobalDataFlow.cs:87:104:87:113 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:87:121:87:121 | y : String | GlobalDataFlow.cs:87:127:87:127 | access to parameter y : String | provenance | |
| GlobalDataFlow.cs:89:13:89:18 | access to local variable sink17 : String | GlobalDataFlow.cs:90:15:90:20 | access to local variable sink17 | provenance | |
| GlobalDataFlow.cs:89:22:89:110 | call to method Aggregate<String,String,String> : String | GlobalDataFlow.cs:89:13:89:18 | access to local variable sink17 : String | provenance | |
| GlobalDataFlow.cs:89:23:89:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:89:22:89:110 | call to method Aggregate<String,String,String> : String | provenance | MaD:1176 |
| GlobalDataFlow.cs:89:23:89:66 | (...) ... : null [element] : String | GlobalDataFlow.cs:89:22:89:110 | call to method Aggregate<String,String,String> : String | provenance | MaD:2 |
| GlobalDataFlow.cs:89:57:89:66 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:89:23:89:66 | (...) ... : null [element] : String | provenance | |
| GlobalDataFlow.cs:89:59:89:64 | access to local variable sink14 : String | GlobalDataFlow.cs:89:57:89:66 | { ..., ... } : null [element] : String | provenance | |
| GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | GlobalDataFlow.cs:92:15:92:20 | access to local variable sink18 | provenance | |
@@ -283,12 +308,12 @@ edges
| GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | GlobalDataFlow.cs:97:23:97:28 | access to local variable sink18 : String | provenance | |
| GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | GlobalDataFlow.cs:100:24:100:29 | access to local variable sink18 : String | provenance | |
| GlobalDataFlow.cs:91:22:91:110 | call to method Aggregate<String,String,String> : String | GlobalDataFlow.cs:91:13:91:18 | access to local variable sink18 : String | provenance | |
| GlobalDataFlow.cs:91:75:91:80 | access to local variable sink14 : String | GlobalDataFlow.cs:91:22:91:110 | call to method Aggregate<String,String,String> : String | provenance | MaD:1177 |
| GlobalDataFlow.cs:94:24:94:29 | access to local variable sink18 : String | GlobalDataFlow.cs:94:36:94:41 | access to local variable sink21 : Int32 | provenance | MaD:2621 |
| GlobalDataFlow.cs:91:75:91:80 | access to local variable sink14 : String | GlobalDataFlow.cs:91:22:91:110 | call to method Aggregate<String,String,String> : String | provenance | MaD:3 |
| GlobalDataFlow.cs:94:24:94:29 | access to local variable sink18 : String | GlobalDataFlow.cs:94:36:94:41 | access to local variable sink21 : Int32 | provenance | MaD:22 |
| GlobalDataFlow.cs:94:36:94:41 | access to local variable sink21 : Int32 | GlobalDataFlow.cs:95:15:95:20 | access to local variable sink21 | provenance | |
| GlobalDataFlow.cs:97:23:97:28 | access to local variable sink18 : String | GlobalDataFlow.cs:97:35:97:40 | access to local variable sink22 : Boolean | provenance | MaD:2281 |
| GlobalDataFlow.cs:97:23:97:28 | access to local variable sink18 : String | GlobalDataFlow.cs:97:35:97:40 | access to local variable sink22 : Boolean | provenance | MaD:20 |
| GlobalDataFlow.cs:97:35:97:40 | access to local variable sink22 : Boolean | GlobalDataFlow.cs:98:15:98:20 | access to local variable sink22 | provenance | |
| GlobalDataFlow.cs:100:24:100:29 | access to local variable sink18 : String | GlobalDataFlow.cs:100:82:100:88 | access to local variable sink21b : Int32 | provenance | MaD:2619 |
| GlobalDataFlow.cs:100:24:100:29 | access to local variable sink18 : String | GlobalDataFlow.cs:100:82:100:88 | access to local variable sink21b : Int32 | provenance | MaD:21 |
| GlobalDataFlow.cs:100:82:100:88 | access to local variable sink21b : Int32 | GlobalDataFlow.cs:101:15:101:21 | access to local variable sink21b | provenance | |
| GlobalDataFlow.cs:138:40:138:40 | x : String | GlobalDataFlow.cs:138:63:138:63 | access to parameter x : String | provenance | |
| GlobalDataFlow.cs:138:63:138:63 | access to parameter x : String | GlobalDataFlow.cs:138:45:138:64 | call to method ApplyFunc<String,String> : String | provenance | |
@@ -307,7 +332,7 @@ edges
| GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | GlobalDataFlow.cs:161:15:161:19 | access to local variable sink7 | provenance | |
| GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | GlobalDataFlow.cs:164:15:164:19 | access to local variable sink8 | provenance | |
| GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | GlobalDataFlow.cs:166:15:166:20 | access to local variable sink12 | provenance | |
| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable<String> [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:165:22:165:31 | call to method OutYield : IEnumerable<String> [element] : String | GlobalDataFlow.cs:165:22:165:39 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:165:22:165:39 | call to method First<String> : String | GlobalDataFlow.cs:165:13:165:18 | access to local variable sink12 : String | provenance | |
| GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | GlobalDataFlow.cs:168:15:168:20 | access to local variable sink23 | provenance | |
| GlobalDataFlow.cs:167:22:167:43 | call to method TaintedParam : String | GlobalDataFlow.cs:167:13:167:18 | access to local variable sink23 : String | provenance | |
@@ -322,7 +347,7 @@ edges
| GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable<String> : IQueryable<T> [element] : String | provenance | MaD:1654 |
| GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable<String> : IQueryable<T> [element] : String | provenance | MaD:9 |
| GlobalDataFlow.cs:211:38:211:75 | call to method AsQueryable<String> : IQueryable<T> [element] : String | GlobalDataFlow.cs:211:28:211:34 | access to local variable tainted : IQueryable<T> [element] : String | provenance | |
| GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | GlobalDataFlow.cs:211:38:211:61 | array creation of type String[] : null [element] : String | provenance | |
| GlobalDataFlow.cs:211:46:211:59 | "taint source" : String | GlobalDataFlow.cs:211:44:211:61 | { ..., ... } : null [element] : String | provenance | |
@@ -332,24 +357,24 @@ edges
| GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:215:76:215:90 | call to method ReturnCheck2<String> : String | provenance | |
| GlobalDataFlow.cs:215:89:215:89 | access to parameter x : String | GlobalDataFlow.cs:321:32:321:41 | sinkParam9 : String | provenance | |
| GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | GlobalDataFlow.cs:217:15:217:20 | access to local variable sink24 | provenance | |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:214:35:214:45 | sinkParam10 : String | provenance | MaD:5 |
| GlobalDataFlow.cs:216:22:216:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:5 |
| GlobalDataFlow.cs:216:22:216:39 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:216:22:216:47 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:216:22:216:47 | call to method First<String> : String | GlobalDataFlow.cs:216:13:216:18 | access to local variable sink24 : String | provenance | |
| GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | GlobalDataFlow.cs:219:15:219:20 | access to local variable sink25 | provenance | |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | MaD:1751 |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | provenance | MaD:1751 |
| GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First<String> : String | provenance | MaD:1678 |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:215:71:215:71 | x : String | provenance | MaD:11 |
| GlobalDataFlow.cs:218:22:218:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | provenance | MaD:11 |
| GlobalDataFlow.cs:218:22:218:39 | call to method Select<String,String> : IQueryable<T> [element] : String | GlobalDataFlow.cs:218:22:218:47 | call to method First<String> : String | provenance | MaD:10 |
| GlobalDataFlow.cs:218:22:218:47 | call to method First<String> : String | GlobalDataFlow.cs:218:13:218:18 | access to local variable sink25 : String | provenance | |
| GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | GlobalDataFlow.cs:221:15:221:20 | access to local variable sink26 | provenance | |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | MaD:1307 |
| GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First<String> : String | provenance | MaD:1211 |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | provenance | MaD:5 |
| GlobalDataFlow.cs:220:22:220:28 | access to local variable tainted : IQueryable<T> [element] : String | GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | provenance | MaD:5 |
| GlobalDataFlow.cs:220:22:220:49 | call to method Select<String,String> : IEnumerable<T> [element] : String | GlobalDataFlow.cs:220:22:220:57 | call to method First<String> : String | provenance | MaD:4 |
| GlobalDataFlow.cs:220:22:220:57 | call to method First<String> : String | GlobalDataFlow.cs:220:13:220:18 | access to local variable sink26 : String | provenance | |
| GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:244:28:244:31 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:241:20:241:49 | call to method Run<String> : Task<T> [property Result] : String | GlobalDataFlow.cs:241:13:241:16 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:2005 |
| GlobalDataFlow.cs:241:35:241:48 | "taint source" : String | GlobalDataFlow.cs:241:20:241:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:18 |
| GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | GlobalDataFlow.cs:243:15:243:20 | access to local variable sink41 | provenance | |
| GlobalDataFlow.cs:242:22:242:25 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | provenance | |
| GlobalDataFlow.cs:242:22:242:32 | access to property Result : String | GlobalDataFlow.cs:242:13:242:18 | access to local variable sink41 : String | provenance | |
@@ -380,7 +405,7 @@ edges
| GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:329:15:329:25 | access to parameter sinkParam11 | provenance | |
| GlobalDataFlow.cs:327:32:327:42 | sinkParam11 : String | GlobalDataFlow.cs:330:16:330:26 | access to parameter sinkParam11 : String | provenance | |
| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:157:21:157:25 | call to method Out : String | provenance | |
| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy<String> : Lazy<T> [property Value] : String | provenance | MaD:2623 |
| GlobalDataFlow.cs:341:16:341:29 | "taint source" : String | GlobalDataFlow.cs:193:22:193:42 | object creation of type Lazy<String> : Lazy<T> [property Value] : String | provenance | MaD:23 |
| GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | GlobalDataFlow.cs:160:20:160:24 | access to local variable sink7 : String | provenance | |
| GlobalDataFlow.cs:346:13:346:26 | "taint source" : String | GlobalDataFlow.cs:346:9:346:9 | access to parameter x : String | provenance | |
| GlobalDataFlow.cs:351:9:351:9 | access to parameter x : String | GlobalDataFlow.cs:163:20:163:24 | access to local variable sink8 : String | provenance | |
@@ -411,18 +436,18 @@ edges
| GlobalDataFlow.cs:438:22:438:35 | "taint source" : String | GlobalDataFlow.cs:201:22:201:32 | access to property OutProperty : String | provenance | |
| GlobalDataFlow.cs:448:13:448:18 | access to local variable sink44 : String | GlobalDataFlow.cs:449:15:449:20 | access to local variable sink44 | provenance | |
| GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | GlobalDataFlow.cs:448:13:448:18 | access to local variable sink44 : String | provenance | |
| GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | provenance | MaD:2725 |
| GlobalDataFlow.cs:448:51:448:64 | "taint source" : String | GlobalDataFlow.cs:448:22:448:65 | call to method Join : String | provenance | MaD:24 |
| GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:457:20:457:49 | call to method Run<String> : Task<T> [property Result] : String | GlobalDataFlow.cs:457:13:457:16 | access to local variable task : Task<T> [property Result] : String | provenance | |
| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:2005 |
| GlobalDataFlow.cs:457:35:457:48 | "taint source" : String | GlobalDataFlow.cs:457:20:457:49 | call to method Run<String> : Task<T> [property Result] : String | provenance | MaD:18 |
| GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:2017 |
| GlobalDataFlow.cs:458:25:458:28 | access to local variable task : Task<T> [property Result] : String | GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:19 |
| GlobalDataFlow.cs:458:25:458:50 | call to method ConfigureAwait : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:458:13:458:21 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:1833 |
| GlobalDataFlow.cs:459:23:459:31 | access to local variable awaitable : ConfiguredTaskAwaitable<T> [synthetic m_configuredTaskAwaiter, synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | MaD:12 |
| GlobalDataFlow.cs:459:23:459:44 | call to method GetAwaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:459:13:459:19 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | provenance | |
| GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | GlobalDataFlow.cs:461:15:461:20 | access to local variable sink45 | provenance | |
| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:1834 |
| GlobalDataFlow.cs:460:22:460:28 | access to local variable awaiter : ConfiguredTaskAwaitable<T>.ConfiguredTaskAwaiter [synthetic m_task_configured_task_awaitable, property Result] : String | GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | provenance | MaD:13 |
| GlobalDataFlow.cs:460:22:460:40 | call to method GetResult : String | GlobalDataFlow.cs:460:13:460:18 | access to local variable sink45 : String | provenance | |
| GlobalDataFlow.cs:466:53:466:55 | arg : String | GlobalDataFlow.cs:470:15:470:17 | access to parameter arg : String | provenance | |
| GlobalDataFlow.cs:469:21:469:21 | s : String | GlobalDataFlow.cs:469:32:469:32 | access to parameter s | provenance | |
@@ -475,33 +500,33 @@ edges
| GlobalDataFlow.cs:558:46:558:46 | access to local variable x : String | GlobalDataFlow.cs:558:44:558:47 | delegate call : String | provenance | |
| GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | provenance | |
| GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:17:53:17:54 | sb [Return] : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | provenance | MaD:1910 |
| GlobalDataFlowStringBuilder.cs:19:19:19:19 | access to parameter s : String | GlobalDataFlowStringBuilder.cs:19:9:19:10 | [post] access to parameter sb : StringBuilder | provenance | MaD:14 |
| GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | provenance | |
| GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | GlobalDataFlowStringBuilder.cs:22:65:22:66 | sb [Return] : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | provenance | MaD:1922 |
| GlobalDataFlowStringBuilder.cs:24:19:24:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:24:9:24:10 | [post] access to parameter sb : StringBuilder | provenance | MaD:16 |
| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | provenance | |
| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:17:64:17:64 | s : String | provenance | |
| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | provenance | MaD:1910 |
| GlobalDataFlowStringBuilder.cs:30:35:30:48 | "taint source" : String | GlobalDataFlowStringBuilder.cs:30:31:30:32 | [post] access to local variable sb : StringBuilder | provenance | MaD:14 |
| GlobalDataFlowStringBuilder.cs:31:13:31:17 | access to local variable sink0 : String | GlobalDataFlowStringBuilder.cs:32:15:32:19 | access to local variable sink0 | provenance | |
| GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | provenance | MaD:1980 |
| GlobalDataFlowStringBuilder.cs:31:21:31:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | provenance | MaD:17 |
| GlobalDataFlowStringBuilder.cs:31:21:31:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:31:13:31:17 | access to local variable sink0 : String | provenance | |
| GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | provenance | MaD:1915 |
| GlobalDataFlowStringBuilder.cs:35:20:35:21 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:35:9:35:11 | [post] access to local variable sb1 : StringBuilder | provenance | MaD:15 |
| GlobalDataFlowStringBuilder.cs:36:13:36:17 | access to local variable sink1 : String | GlobalDataFlowStringBuilder.cs:37:15:37:19 | access to local variable sink1 | provenance | |
| GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | provenance | MaD:1980 |
| GlobalDataFlowStringBuilder.cs:36:21:36:23 | access to local variable sb1 : StringBuilder | GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | provenance | MaD:17 |
| GlobalDataFlowStringBuilder.cs:36:21:36:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:36:13:36:17 | access to local variable sink1 : String | provenance | |
| GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | provenance | MaD:1922 |
| GlobalDataFlowStringBuilder.cs:40:20:40:26 | (...) ... : AppendInterpolatedStringHandler | GlobalDataFlowStringBuilder.cs:40:9:40:11 | [post] access to local variable sb2 : StringBuilder | provenance | MaD:16 |
| GlobalDataFlowStringBuilder.cs:41:13:41:17 | access to local variable sink2 : String | GlobalDataFlowStringBuilder.cs:42:15:42:19 | access to local variable sink2 | provenance | |
| GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | provenance | MaD:1980 |
| GlobalDataFlowStringBuilder.cs:41:21:41:23 | access to local variable sb2 : StringBuilder | GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | provenance | MaD:17 |
| GlobalDataFlowStringBuilder.cs:41:21:41:34 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:41:13:41:17 | access to local variable sink2 : String | provenance | |
| GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | provenance | |
| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:22:76:22:76 | s : String | provenance | |
| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | provenance | MaD:1922 |
| GlobalDataFlowStringBuilder.cs:48:47:48:60 | "taint source" : String | GlobalDataFlowStringBuilder.cs:48:43:48:44 | [post] access to local variable sb : StringBuilder | provenance | MaD:16 |
| GlobalDataFlowStringBuilder.cs:49:13:49:17 | access to local variable sink3 : String | GlobalDataFlowStringBuilder.cs:50:15:50:19 | access to local variable sink3 | provenance | |
| GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | provenance | MaD:1980 |
| GlobalDataFlowStringBuilder.cs:49:21:49:22 | access to local variable sb : StringBuilder | GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | provenance | MaD:17 |
| GlobalDataFlowStringBuilder.cs:49:21:49:33 | call to method ToString : String | GlobalDataFlowStringBuilder.cs:49:13:49:17 | access to local variable sink3 : String | provenance | |
| MultiImplementationA.cs:5:28:5:41 | "taint source" : String | MultiImplementationA.cs:7:27:7:27 | x : String | provenance | |
| MultiImplementationA.cs:7:27:7:27 | x : String | MultiImplementationA.cs:7:39:7:39 | access to parameter x | provenance | |

2
csharp/ql/test/library-tests/dataflow/global/TaintTrackingPath.ql
View File

@@ -4,7 +4,7 @@
import csharp
import Common
import Taint::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<Taint::PathNode, Taint::PathGraph>
module Taint = TaintTracking::Global<FlowConfig>;

15
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.expected
View File

@@ -1,13 +1,18 @@
models
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
edges
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1887 |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1819 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1137 |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:1887 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
nodes
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |

2
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest1.ql
View File

@@ -3,7 +3,7 @@
*/
import Test
import ThreatModel::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ThreatModel::PathNode, ThreatModel::PathGraph>
from ThreatModel::PathNode source, ThreatModel::PathNode sink
where ThreatModel::flowPath(source, sink)

20
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.expected
View File

@@ -1,15 +1,21 @@
models
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
| 5 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
edges
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1887 |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1819 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1137 |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:1887 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52967 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:5 |
nodes
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |

2
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest2.ql
View File

@@ -4,7 +4,7 @@
*/
import Test
import ThreatModel::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ThreatModel::PathNode, ThreatModel::PathGraph>
from ThreatModel::PathNode source, ThreatModel::PathNode sink
where ThreatModel::flowPath(source, sink)

30
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.expected
View File

@@ -1,19 +1,27 @@
models
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
| 5 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
| 6 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual |
| 7 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
edges
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1887 |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1819 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1137 |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:1887 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52967 |
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:52968 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52970 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:5 |
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:6 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:7 |
nodes
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |

2
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest3.ql
View File

@@ -4,7 +4,7 @@
*/
import Test
import ThreatModel::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ThreatModel::PathNode, ThreatModel::PathGraph>
from ThreatModel::PathNode source, ThreatModel::PathNode sink
where ThreatModel::flowPath(source, sink)

35
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.expected
View File

@@ -1,21 +1,30 @@
models
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
| 5 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
| 6 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual |
| 7 | Source: My.Qltest; TestSources; false; GetCustom; (System.String); ; ReturnValue; custom; manual |
| 8 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
edges
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1887 |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1819 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1137 |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:1887 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52967 |
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:52968 |
| Test.cs:53:20:53:25 | access to local variable result : String | Test.cs:56:42:56:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:53:29:53:52 | call to method GetCustom : String | Test.cs:53:20:53:25 | access to local variable result : String | provenance | Src:MaD:52969 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52970 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:5 |
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:6 |
| Test.cs:53:20:53:25 | access to local variable result : String | Test.cs:56:42:56:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:53:29:53:52 | call to method GetCustom : String | Test.cs:53:20:53:25 | access to local variable result : String | provenance | Src:MaD:7 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:8 |
nodes
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |

2
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest4.ql
View File

@@ -3,7 +3,7 @@
*/
import Test
import ThreatModel::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ThreatModel::PathNode, ThreatModel::PathGraph>
from ThreatModel::PathNode source, ThreatModel::PathNode sink
where ThreatModel::flowPath(source, sink)

25
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.expected
View File

@@ -1,17 +1,24 @@
models
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
| 5 | Source: My.Qltest; TestSources; false; ReadEnv; (System.String); ; ReturnValue; environment; manual |
| 6 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
edges
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1887 |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1819 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1137 |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:1887 |
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:52969 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52971 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
| Test.cs:43:20:43:25 | access to local variable result : String | Test.cs:46:42:46:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:43:29:43:50 | call to method ReadEnv : String | Test.cs:43:20:43:25 | access to local variable result : String | provenance | Src:MaD:5 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:6 |
nodes
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |

2
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest5.ql
View File

@@ -4,7 +4,7 @@
*/
import Test
import ThreatModel::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ThreatModel::PathNode, ThreatModel::PathGraph>
from ThreatModel::PathNode source, ThreatModel::PathNode sink
where ThreatModel::flowPath(source, sink)

25
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.expected
View File

@@ -1,17 +1,24 @@
models
| 1 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Summary: System.IO; Stream; true; Read; (System.Byte[],System.Int32,System.Int32); ; Argument[this]; Argument[0].Element; taint; manual |
| 3 | Source: System.Net.Sockets; TcpClient; false; GetStream; ; ; ReturnValue; remote; manual |
| 4 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
| 5 | Source: My.Qltest; TestSources; false; ExecuteQuery; (System.String); ; ReturnValue; database; manual |
| 6 | Source: My.Qltest; TestSources; false; GetCliArg; (System.Int32); ; ReturnValue; commandargs; manual |
edges
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | provenance | |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:1887 |
| Test.cs:15:56:15:60 | access to parameter bytes : Byte[] [element] : Object | Test.cs:15:20:15:61 | call to method GetString : String | provenance | MaD:4 |
| Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | provenance | |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:1819 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:1137 |
| Test.cs:23:42:23:59 | call to method GetStream : NetworkStream | Test.cs:23:33:23:38 | access to local variable stream : NetworkStream | provenance | Src:MaD:3 |
| Test.cs:25:29:25:34 | access to local variable stream : NetworkStream | Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | provenance | MaD:2 |
| Test.cs:25:41:25:46 | [post] access to local variable buffer : Byte[] [element] : Object | Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | provenance | |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:28:85:28:105 | call to method BytesToString : String | Test.cs:28:42:28:111 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | provenance | |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:1887 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:52968 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:948 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:52971 |
| Test.cs:28:99:28:104 | access to local variable buffer : Byte[] [element] : Object | Test.cs:28:85:28:105 | call to method BytesToString : String | provenance | MaD:4 |
| Test.cs:34:20:34:25 | access to local variable result : String | Test.cs:37:42:37:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:34:29:34:69 | call to method ExecuteQuery : String | Test.cs:34:20:34:25 | access to local variable result : String | provenance | Src:MaD:5 |
| Test.cs:62:20:62:25 | access to local variable result : String | Test.cs:65:42:65:96 | ... + ... | provenance | Sink:MaD:1 |
| Test.cs:62:29:62:48 | call to method GetCliArg : String | Test.cs:62:20:62:25 | access to local variable result : String | provenance | Src:MaD:6 |
nodes
| Test.cs:12:45:12:49 | bytes : Byte[] [element] : Object | semmle.label | bytes : Byte[] [element] : Object |
| Test.cs:15:20:15:61 | call to method GetString : String | semmle.label | call to method GetString : String |

2
csharp/ql/test/library-tests/dataflow/threat-models/threat-models-flowtest6.ql
View File

@@ -5,7 +5,7 @@
*/
import Test
import ThreatModel::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<ThreatModel::PathNode, ThreatModel::PathGraph>
from ThreatModel::PathNode source, ThreatModel::PathNode sink
where ThreatModel::flowPath(source, sink)

49
csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.expected
View File

@@ -1,17 +1,22 @@
models
| 1 | Summary: Microsoft.EntityFrameworkCore; DbSet<TEntity>; false; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual |
| 2 | Summary: System.Data.Entity; DbSet<TEntity>; false; Add; (TEntity); ; Argument[0]; Argument[this].Element; value; manual |
| 3 | Summary: System.Linq; Enumerable; false; First<TSource>; (System.Collections.Generic.IEnumerable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
| 4 | Summary: System.Linq; Queryable; false; First<TSource>; (System.Linq.IQueryable<TSource>); ; Argument[0].Element; ReturnValue; value; manual |
edges
| EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFramework.cs:59:13:62:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFramework.cs:61:24:61:32 | "tainted" : String | EntityFramework.cs:59:13:62:13 | { ..., ... } : Person [property Name] : String | provenance | |
| EntityFramework.cs:66:13:66:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:68:13:68:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFramework.cs:66:13:66:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | EntityFramework.cs:66:13:66:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:13:66:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:925 |
| EntityFramework.cs:66:29:66:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:66:13:66:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:2 |
| EntityFramework.cs:68:13:68:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:80:17:80:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:88:29:88:30 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFramework.cs:81:13:84:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:80:17:80:18 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFramework.cs:83:24:83:32 | "tainted" : String | EntityFramework.cs:81:13:84:13 | { ..., ... } : Person [property Name] : String | provenance | |
| EntityFramework.cs:88:13:88:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:90:19:90:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFramework.cs:88:13:88:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | EntityFramework.cs:88:13:88:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFramework.cs:88:29:88:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:88:13:88:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:925 |
| EntityFramework.cs:88:29:88:30 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:88:13:88:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:2 |
| EntityFramework.cs:90:19:90:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:102:17:102:18 | access to local variable p1 : Person [property Name] : String | EntityFramework.cs:109:27:109:28 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFramework.cs:103:13:106:13 | { ..., ... } : Person [property Name] : String | EntityFramework.cs:102:17:102:18 | access to local variable p1 : Person [property Name] : String | provenance | |
@@ -33,7 +38,7 @@ edges
| EntityFramework.cs:149:13:149:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | |
| EntityFramework.cs:149:13:149:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | |
| EntityFramework.cs:149:13:149:23 | [post] access to property Persons : DbSet<T> [element, property Addresses, element, property Street] : String | EntityFramework.cs:149:13:149:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | |
| EntityFramework.cs:149:29:149:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFramework.cs:149:13:149:23 | [post] access to property Persons : DbSet<T> [element, property Addresses, element, property Street] : String | provenance | MaD:925 |
| EntityFramework.cs:149:29:149:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFramework.cs:149:13:149:23 | [post] access to property Persons : DbSet<T> [element, property Addresses, element, property Street] : String | provenance | MaD:2 |
| EntityFramework.cs:150:13:150:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:150:13:150:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:154:13:154:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
@@ -44,7 +49,7 @@ edges
| EntityFramework.cs:161:13:161:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | |
| EntityFramework.cs:161:13:161:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:166:13:166:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | |
| EntityFramework.cs:161:13:161:25 | [post] access to property Addresses : DbSet<T> [element, property Street] : String | EntityFramework.cs:161:13:161:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | |
| EntityFramework.cs:161:31:161:32 | access to local variable a1 : Address [property Street] : String | EntityFramework.cs:161:13:161:25 | [post] access to property Addresses : DbSet<T> [element, property Street] : String | provenance | MaD:925 |
| EntityFramework.cs:161:31:161:32 | access to local variable a1 : Address [property Street] : String | EntityFramework.cs:161:13:161:25 | [post] access to property Addresses : DbSet<T> [element, property Street] : String | provenance | MaD:2 |
| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:162:13:162:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
@@ -71,8 +76,8 @@ edges
| EntityFramework.cs:183:13:183:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:190:13:190:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | |
| EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Address, property Street] : String | EntityFramework.cs:183:13:183:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | provenance | |
| EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Person, property Name] : String | EntityFramework.cs:183:13:183:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | |
| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Address, property Street] : String | provenance | MaD:925 |
| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Person, property Name] : String | provenance | MaD:925 |
| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Address, property Street] : String | provenance | MaD:2 |
| EntityFramework.cs:183:37:183:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFramework.cs:183:13:183:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Person, property Name] : String | provenance | MaD:2 |
| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:184:13:184:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
@@ -82,15 +87,15 @@ edges
| EntityFramework.cs:193:35:193:35 | p : Person [property Name] : String | EntityFramework.cs:196:29:196:29 | access to parameter p : Person [property Name] : String | provenance | |
| EntityFramework.cs:196:13:196:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:197:13:197:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFramework.cs:196:13:196:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | EntityFramework.cs:196:13:196:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFramework.cs:196:29:196:29 | access to parameter p : Person [property Name] : String | EntityFramework.cs:196:13:196:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:925 |
| EntityFramework.cs:196:29:196:29 | access to parameter p : Person [property Name] : String | EntityFramework.cs:196:13:196:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:2 |
| EntityFramework.cs:197:13:197:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
| EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet<Person> [element, property Name] : String | EntityFramework.cs:204:18:204:36 | call to method First<Person> : Person [property Name] : String | provenance | MaD:1678 |
| EntityFramework.cs:204:18:204:28 | access to property Persons : DbSet<Person> [element, property Name] : String | EntityFramework.cs:204:18:204:36 | call to method First<Person> : Person [property Name] : String | provenance | MaD:4 |
| EntityFramework.cs:204:18:204:36 | call to method First<Person> : Person [property Name] : String | EntityFramework.cs:204:18:204:41 | access to property Name | provenance | |
| EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | EntityFramework.cs:212:18:212:38 | call to method First<Address> : Address [property Street] : String | provenance | MaD:1678 |
| EntityFramework.cs:212:18:212:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | EntityFramework.cs:212:18:212:38 | call to method First<Address> : Address [property Street] : String | provenance | MaD:4 |
| EntityFramework.cs:212:18:212:38 | call to method First<Address> : Address [property Street] : String | EntityFramework.cs:212:18:212:45 | access to property Street | provenance | |
| EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:36 | call to method First<Person> : Person [property Addresses, element, property Street] : String | provenance | MaD:1678 |
| EntityFramework.cs:219:18:219:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:36 | call to method First<Person> : Person [property Addresses, element, property Street] : String | provenance | MaD:4 |
| EntityFramework.cs:219:18:219:36 | call to method First<Person> : Person [property Addresses, element, property Street] : String | EntityFramework.cs:219:18:219:46 | access to property Addresses : ICollection<Address> [element, property Street] : String | provenance | |
| EntityFramework.cs:219:18:219:46 | access to property Addresses : ICollection<Address> [element, property Street] : String | EntityFramework.cs:219:18:219:54 | call to method First<Address> : Address [property Street] : String | provenance | MaD:1211 |
| EntityFramework.cs:219:18:219:46 | access to property Addresses : ICollection<Address> [element, property Street] : String | EntityFramework.cs:219:18:219:54 | call to method First<Address> : Address [property Street] : String | provenance | MaD:3 |
| EntityFramework.cs:219:18:219:54 | call to method First<Address> : Address [property Street] : String | EntityFramework.cs:219:18:219:61 | access to property Street | provenance | |
| EntityFrameworkCore.cs:82:17:82:27 | access to local variable taintSource : String | EntityFrameworkCore.cs:83:18:83:28 | access to local variable taintSource | provenance | |
| EntityFrameworkCore.cs:82:17:82:27 | access to local variable taintSource : String | EntityFrameworkCore.cs:84:35:84:45 | access to local variable taintSource : String | provenance | |
@@ -106,14 +111,14 @@ edges
| EntityFrameworkCore.cs:94:24:94:32 | "tainted" : String | EntityFrameworkCore.cs:92:13:95:13 | { ..., ... } : Person [property Name] : String | provenance | |
| EntityFrameworkCore.cs:99:13:99:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:101:13:101:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFrameworkCore.cs:99:13:99:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | EntityFrameworkCore.cs:99:13:99:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFrameworkCore.cs:99:29:99:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:99:13:99:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:99:29:99:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:99:13:99:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:101:13:101:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:113:17:113:18 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:121:29:121:30 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFrameworkCore.cs:114:13:117:13 | { ..., ... } : Person [property Name] : String | EntityFrameworkCore.cs:113:17:113:18 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFrameworkCore.cs:116:24:116:32 | "tainted" : String | EntityFrameworkCore.cs:114:13:117:13 | { ..., ... } : Person [property Name] : String | provenance | |
| EntityFrameworkCore.cs:121:13:121:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:123:19:123:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFrameworkCore.cs:121:13:121:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | EntityFrameworkCore.cs:121:13:121:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFrameworkCore.cs:121:29:121:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:121:13:121:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:121:29:121:30 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:121:13:121:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:123:19:123:21 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:135:17:135:18 | access to local variable p1 : Person [property Name] : String | EntityFrameworkCore.cs:142:27:142:28 | access to local variable p1 : Person [property Name] : String | provenance | |
| EntityFrameworkCore.cs:136:13:139:13 | { ..., ... } : Person [property Name] : String | EntityFrameworkCore.cs:135:17:135:18 | access to local variable p1 : Person [property Name] : String | provenance | |
@@ -135,7 +140,7 @@ edges
| EntityFrameworkCore.cs:182:13:182:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:182:13:182:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:182:13:182:23 | [post] access to property Persons : DbSet<T> [element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:182:13:182:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:182:29:182:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:182:13:182:23 | [post] access to property Persons : DbSet<T> [element, property Addresses, element, property Street] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:182:29:182:30 | access to local variable p1 : Person [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:182:13:182:23 | [post] access to property Persons : DbSet<T> [element, property Addresses, element, property Street] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:183:13:183:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:183:13:183:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:187:13:187:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
@@ -146,7 +151,7 @@ edges
| EntityFrameworkCore.cs:194:13:194:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:194:13:194:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:199:13:199:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:194:13:194:25 | [post] access to property Addresses : DbSet<T> [element, property Street] : String | EntityFrameworkCore.cs:194:13:194:15 | [post] access to local variable ctx : MyContext [property Addresses, element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:194:31:194:32 | access to local variable a1 : Address [property Street] : String | EntityFrameworkCore.cs:194:13:194:25 | [post] access to property Addresses : DbSet<T> [element, property Street] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:194:31:194:32 | access to local variable a1 : Address [property Street] : String | EntityFrameworkCore.cs:194:13:194:25 | [post] access to property Addresses : DbSet<T> [element, property Street] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:195:13:195:15 | access to local variable ctx : MyContext [property Persons, element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
@@ -173,8 +178,8 @@ edges
| EntityFrameworkCore.cs:216:13:216:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:223:13:223:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | |
| EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Address, property Street] : String | EntityFrameworkCore.cs:216:13:216:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | provenance | |
| EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Person, property Name] : String | EntityFrameworkCore.cs:216:13:216:15 | [post] access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | provenance | |
| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Address, property Street] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Person, property Name] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Address, property Street] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Address, property Street] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:216:37:216:53 | access to local variable personAddressMap1 : PersonAddressMap [property Person, property Name] : String | EntityFrameworkCore.cs:216:13:216:31 | [post] access to property PersonAddresses : DbSet<T> [element, property Person, property Name] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Address, property Street] : String | EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:217:13:217:15 | access to local variable ctx : MyContext [property PersonAddresses, element, property Person, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
@@ -184,15 +189,15 @@ edges
| EntityFrameworkCore.cs:226:35:226:35 | p : Person [property Name] : String | EntityFrameworkCore.cs:229:29:229:29 | access to parameter p : Person [property Name] : String | provenance | |
| EntityFrameworkCore.cs:229:13:229:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:230:13:230:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFrameworkCore.cs:229:13:229:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | EntityFrameworkCore.cs:229:13:229:15 | [post] access to local variable ctx : MyContext [property Persons, element, property Name] : String | provenance | |
| EntityFrameworkCore.cs:229:29:229:29 | access to parameter p : Person [property Name] : String | EntityFrameworkCore.cs:229:13:229:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:148 |
| EntityFrameworkCore.cs:229:29:229:29 | access to parameter p : Person [property Name] : String | EntityFrameworkCore.cs:229:13:229:23 | [post] access to property Persons : DbSet<T> [element, property Name] : String | provenance | MaD:1 |
| EntityFrameworkCore.cs:230:13:230:15 | access to local variable ctx : MyContext [property Persons, element, property Name] : String | EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet<Person> [element, property Name] : String | provenance | DbContextSaveChanges |
| EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet<Person> [element, property Name] : String | EntityFrameworkCore.cs:237:18:237:36 | call to method First<Person> : Person [property Name] : String | provenance | MaD:1211 |
| EntityFrameworkCore.cs:237:18:237:28 | access to property Persons : DbSet<Person> [element, property Name] : String | EntityFrameworkCore.cs:237:18:237:36 | call to method First<Person> : Person [property Name] : String | provenance | MaD:3 |
| EntityFrameworkCore.cs:237:18:237:36 | call to method First<Person> : Person [property Name] : String | EntityFrameworkCore.cs:237:18:237:41 | access to property Name | provenance | |
| EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | EntityFrameworkCore.cs:245:18:245:38 | call to method First<Address> : Address [property Street] : String | provenance | MaD:1211 |
| EntityFrameworkCore.cs:245:18:245:30 | access to property Addresses : DbSet<Address> [element, property Street] : String | EntityFrameworkCore.cs:245:18:245:38 | call to method First<Address> : Address [property Street] : String | provenance | MaD:3 |
| EntityFrameworkCore.cs:245:18:245:38 | call to method First<Address> : Address [property Street] : String | EntityFrameworkCore.cs:245:18:245:45 | access to property Street | provenance | |
| EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:36 | call to method First<Person> : Person [property Addresses, element, property Street] : String | provenance | MaD:1211 |
| EntityFrameworkCore.cs:252:18:252:28 | access to property Persons : DbSet<Person> [element, property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:36 | call to method First<Person> : Person [property Addresses, element, property Street] : String | provenance | MaD:3 |
| EntityFrameworkCore.cs:252:18:252:36 | call to method First<Person> : Person [property Addresses, element, property Street] : String | EntityFrameworkCore.cs:252:18:252:46 | access to property Addresses : ICollection<Address> [element, property Street] : String | provenance | |
| EntityFrameworkCore.cs:252:18:252:46 | access to property Addresses : ICollection<Address> [element, property Street] : String | EntityFrameworkCore.cs:252:18:252:54 | call to method First<Address> : Address [property Street] : String | provenance | MaD:1211 |
| EntityFrameworkCore.cs:252:18:252:46 | access to property Addresses : ICollection<Address> [element, property Street] : String | EntityFrameworkCore.cs:252:18:252:54 | call to method First<Address> : Address [property Street] : String | provenance | MaD:3 |
| EntityFrameworkCore.cs:252:18:252:54 | call to method First<Address> : Address [property Street] : String | EntityFrameworkCore.cs:252:18:252:61 | access to property Street | provenance | |
nodes
| EntityFramework.cs:58:17:58:18 | access to local variable p1 : Person [property Name] : String | semmle.label | access to local variable p1 : Person [property Name] : String |

2
csharp/ql/test/library-tests/frameworks/EntityFramework/Dataflow.ql
View File

@@ -3,7 +3,7 @@
*/
import csharp
import Taint::PathGraph
import TestUtilities.ProvenancePathGraph::ShowProvenance<Taint::PathNode, Taint::PathGraph>
module TaintConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node node) { node.asExpr().getValue() = "tainted" }

13
csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.expected
View File

@@ -1,8 +1,14 @@
#select
| UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | Call to System.Web.HttpRequest.get_QueryString with untrusted data from $@. | UntrustedData.cs:9:20:9:30 | access to property Request | access to property Request |
| UntrustedData.cs:13:28:13:31 | access to local variable name | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:13:28:13:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |
edges
| UntrustedData.cs:9:13:9:16 | access to local variable name : String | UntrustedData.cs:13:28:13:31 | access to local variable name | provenance | Sink:MaD:2159 |
| UntrustedData.cs:9:13:9:16 | access to local variable name : String | UntrustedData.cs:13:28:13:31 | access to local variable name | provenance | Sink:MaD:1 |
| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | |
| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:11546 |
| UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:9:20:9:50 | access to indexer : String | provenance | MaD:2 |
| UntrustedData.cs:9:20:9:50 | access to indexer : String | UntrustedData.cs:9:13:9:16 | access to local variable name : String | provenance | |
models
| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| UntrustedData.cs:9:13:9:16 | access to local variable name : String | semmle.label | access to local variable name : String |
| UntrustedData.cs:9:20:9:30 | access to property Request | semmle.label | access to property Request |
@@ -10,6 +16,3 @@ nodes
| UntrustedData.cs:9:20:9:50 | access to indexer : String | semmle.label | access to indexer : String |
| UntrustedData.cs:13:28:13:31 | access to local variable name | semmle.label | access to local variable name |
subpaths
#select
| UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | UntrustedData.cs:9:20:9:30 | access to property Request | Call to System.Web.HttpRequest.get_QueryString with untrusted data from $@. | UntrustedData.cs:9:20:9:30 | access to property Request | access to property Request |
| UntrustedData.cs:13:28:13:31 | access to local variable name | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | UntrustedData.cs:13:28:13:31 | access to local variable name | Call to System.Web.HttpResponse.Write with untrusted data from $@. | UntrustedData.cs:9:20:9:42 | access to property QueryString : NameValueCollection | access to property QueryString : NameValueCollection |

3
csharp/ql/test/query-tests/Security Features/CWE-020/UntrustedDataToExternalAPI.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-020/UntrustedDataToExternalAPI.ql
query: Security Features/CWE-020/UntrustedDataToExternalAPI.ql
postprocess: TestUtilities/PrettyPrintModels.ql

20
csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.expected
View File

@@ -1,3 +1,11 @@
#select
| TaintedPath.cs:12:50:12:53 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:12:50:12:53 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:17:51:17:54 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:17:51:17:54 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:25:30:25:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:25:30:25:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:31:30:31:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:31:30:31:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:36:25:36:31 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:36:25:36:31 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:38:49:38:55 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:38:49:38:55 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:51:26:51:29 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:51:26:51:29 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
edges
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:12:50:12:53 | access to local variable path | provenance | |
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:17:51:17:54 | access to local variable path | provenance | |
@@ -6,10 +14,12 @@ edges
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | provenance | |
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | TaintedPath.cs:51:26:51:29 | access to local variable path | provenance | |
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:16:10:19 | access to local variable path : String | provenance | |
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:23:10:53 | access to indexer : String | provenance | MaD:11546 |
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:10:23:10:53 | access to indexer : String | provenance | MaD:1 |
| TaintedPath.cs:10:23:10:53 | access to indexer : String | TaintedPath.cs:10:16:10:19 | access to local variable path : String | provenance | |
| TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:36:25:36:31 | access to local variable badPath | provenance | |
| TaintedPath.cs:35:16:35:22 | access to local variable badPath : String | TaintedPath.cs:38:49:38:55 | access to local variable badPath | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| TaintedPath.cs:10:16:10:19 | access to local variable path : String | semmle.label | access to local variable path : String |
| TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -23,11 +33,3 @@ nodes
| TaintedPath.cs:38:49:38:55 | access to local variable badPath | semmle.label | access to local variable badPath |
| TaintedPath.cs:51:26:51:29 | access to local variable path | semmle.label | access to local variable path |
subpaths
#select
| TaintedPath.cs:12:50:12:53 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:12:50:12:53 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:17:51:17:54 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:17:51:17:54 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:25:30:25:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:25:30:25:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:31:30:31:33 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:31:30:31:33 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:36:25:36:31 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:36:25:36:31 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:38:49:38:55 | access to local variable badPath | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:38:49:38:55 | access to local variable badPath | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |
| TaintedPath.cs:51:26:51:29 | access to local variable path | TaintedPath.cs:10:23:10:45 | access to property QueryString : NameValueCollection | TaintedPath.cs:51:26:51:29 | access to local variable path | This path depends on a $@. | TaintedPath.cs:10:23:10:45 | access to property QueryString | user-provided value |

4
csharp/ql/test/query-tests/Security Features/CWE-022/TaintedPath/TaintedPath.qlref
View File

@@ -1 +1,3 @@
Security Features/CWE-022/TaintedPath.ql
query: Security Features/CWE-022/TaintedPath.ql
postprocess: TestUtilities/PrettyPrintModels.ql

37
csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.expected
View File

@@ -1,30 +1,43 @@
#select
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:18:31:18:44 | access to property FullName | ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | file system operation |
| ZipSlipBad.cs:9:59:9:72 | access to property FullName | ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | file system operation |
edges
| ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | provenance | |
| ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | provenance | |
| ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | provenance | |
| ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | provenance | MaD:1124 |
| ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | provenance | MaD:2 |
| ZipSlip.cs:18:24:18:27 | access to local variable file : String | ZipSlip.cs:22:71:22:74 | access to local variable file : String | provenance | |
| ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:18:24:18:27 | access to local variable file : String | provenance | |
| ZipSlip.cs:22:28:22:39 | access to local variable destFileName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | provenance | |
| ZipSlip.cs:22:43:22:75 | call to method Combine : String | ZipSlip.cs:22:28:22:39 | access to local variable destFileName : String | provenance | |
| ZipSlip.cs:22:71:22:74 | access to local variable file : String | ZipSlip.cs:22:43:22:75 | call to method Combine : String | provenance | MaD:1107 |
| ZipSlip.cs:22:71:22:74 | access to local variable file : String | ZipSlip.cs:22:43:22:75 | call to method Combine : String | provenance | MaD:1 |
| ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:30:43:30:79 | call to method Combine : String | ZipSlip.cs:30:28:30:39 | access to local variable destFilePath : String | provenance | |
| ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | ZipSlip.cs:30:43:30:79 | call to method Combine : String | provenance | MaD:1107 |
| ZipSlip.cs:30:71:30:78 | access to local variable fullPath : String | ZipSlip.cs:30:43:30:79 | call to method Combine : String | provenance | MaD:1 |
| ZipSlip.cs:38:21:38:32 | access to local variable destFilePath : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | ZipSlip.cs:38:21:38:32 | access to local variable destFilePath : String | provenance | |
| ZipSlip.cs:38:53:38:89 | call to method Combine : String | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | provenance | MaD:1124 |
| ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | ZipSlip.cs:38:53:38:89 | call to method Combine : String | provenance | MaD:1107 |
| ZipSlip.cs:38:53:38:89 | call to method Combine : String | ZipSlip.cs:38:36:38:90 | call to method GetFullPath : String | provenance | MaD:2 |
| ZipSlip.cs:38:81:38:88 | access to local variable fullPath : String | ZipSlip.cs:38:53:38:89 | call to method Combine : String | provenance | MaD:1 |
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | provenance | |
| ZipSlip.cs:61:47:61:86 | call to method Combine : String | ZipSlip.cs:61:32:61:43 | access to local variable destFilePath : String | provenance | |
| ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:61:47:61:86 | call to method Combine : String | provenance | MaD:1107 |
| ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:61:47:61:86 | call to method Combine : String | provenance | MaD:1 |
| ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | provenance | |
| ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | ZipSlipBad.cs:9:16:9:27 | access to local variable destFileName : String | provenance | |
| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1107 |
| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:9:31:9:73 | call to method Combine : String | provenance | MaD:1 |
models
| 1 | Summary: System.IO; Path; false; Combine; (System.String,System.String); ; Argument[1]; ReturnValue; taint; manual |
| 2 | Summary: System.IO; Path; false; GetFullPath; (System.String); ; Argument[0]; ReturnValue; taint; manual |
nodes
| ZipSlip.cs:15:24:15:31 | access to local variable fullPath : String | semmle.label | access to local variable fullPath : String |
| ZipSlip.cs:15:35:15:66 | call to method GetFullPath : String | semmle.label | call to method GetFullPath : String |
@@ -57,13 +70,3 @@ nodes
| ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | semmle.label | access to property FullName : String |
| ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | semmle.label | access to local variable destFileName |
subpaths
#select
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:31:41:31:52 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:35:45:35:56 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:15:52:15:65 | access to property FullName | ZipSlip.cs:15:52:15:65 | access to property FullName : String | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:39:41:39:52 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:18:31:18:44 | access to property FullName | ZipSlip.cs:18:31:18:44 | access to property FullName : String | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:23:41:23:52 | access to local variable destFileName | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:68:74:68:85 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:75:71:75:82 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:82:57:82:68 | access to local variable destFilePath | file system operation |
| ZipSlip.cs:61:72:61:85 | access to property FullName | ZipSlip.cs:61:72:61:85 | access to property FullName : String | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlip.cs:90:58:90:69 | access to local variable destFilePath | file system operation |
| ZipSlipBad.cs:9:59:9:72 | access to property FullName | ZipSlipBad.cs:9:59:9:72 | access to property FullName : String | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | Unsanitized archive entry, which may contain '..', is used in a $@. | ZipSlipBad.cs:10:29:10:40 | access to local variable destFileName | file system operation |

3
csharp/ql/test/query-tests/Security Features/CWE-022/ZipSlip/ZipSlip.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-022/ZipSlip.ql
query: Security Features/CWE-022/ZipSlip.ql
postprocess: TestUtilities/PrettyPrintModels.ql

25
csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.expected
View File

@@ -1,3 +1,12 @@
#select
| CommandInjection.cs:28:27:28:47 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:27:28:47 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:28:50:28:66 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:50:28:66 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:30:63:30:71 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:63:30:71 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:30:74:30:82 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:74:30:82 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:34:39:34:47 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:34:39:34:47 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:35:40:35:48 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:35:40:35:48 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:36:47:36:55 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:36:47:36:55 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:51:46:51:80 | ... + ... | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader : SqlDataReader | CommandInjection.cs:51:46:51:80 | ... + ... | This command line depends on a $@. | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader | user-provided value |
edges
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:28:27:28:47 | ... + ... | provenance | |
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:28:50:28:66 | ... + ... | provenance | |
@@ -6,12 +15,15 @@ edges
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:34:39:34:47 | access to local variable userInput | provenance | |
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:35:40:35:48 | access to local variable userInput | provenance | |
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | CommandInjection.cs:36:47:36:55 | access to local variable userInput | provenance | |
| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:27:32:27:51 | access to property Text : String | provenance | MaD:2156 |
| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:27:32:27:51 | access to property Text : String | provenance | MaD:2 |
| CommandInjection.cs:27:32:27:51 | access to property Text : String | CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | provenance | |
| CommandInjection.cs:46:31:46:44 | access to local variable customerReader : SqlDataReader | CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | provenance | |
| CommandInjection.cs:46:48:46:78 | call to method ExecuteReader : SqlDataReader | CommandInjection.cs:46:31:46:44 | access to local variable customerReader : SqlDataReader | provenance | |
| CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | CommandInjection.cs:51:54:51:80 | call to method GetString : String | provenance | MaD:1007 |
| CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | CommandInjection.cs:51:54:51:80 | call to method GetString : String | provenance | MaD:1 |
| CommandInjection.cs:51:54:51:80 | call to method GetString : String | CommandInjection.cs:51:46:51:80 | ... + ... | provenance | |
models
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
| 2 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
nodes
| CommandInjection.cs:27:20:27:28 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
| CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox |
@@ -29,12 +41,3 @@ nodes
| CommandInjection.cs:51:54:51:67 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
| CommandInjection.cs:51:54:51:80 | call to method GetString : String | semmle.label | call to method GetString : String |
subpaths
#select
| CommandInjection.cs:28:27:28:47 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:27:28:47 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:28:50:28:66 | ... + ... | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:28:50:28:66 | ... + ... | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:30:63:30:71 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:63:30:71 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:30:74:30:82 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:30:74:30:82 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:34:39:34:47 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:34:39:34:47 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:35:40:35:48 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:35:40:35:48 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:36:47:36:55 | access to local variable userInput | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox : TextBox | CommandInjection.cs:36:47:36:55 | access to local variable userInput | This command line depends on a $@. | CommandInjection.cs:27:32:27:46 | access to field categoryTextBox | user-provided value |
| CommandInjection.cs:51:46:51:80 | ... + ... | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader : SqlDataReader | CommandInjection.cs:51:46:51:80 | ... + ... | This command line depends on a $@. | CommandInjection.cs:46:48:46:78 | call to method ExecuteReader | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-078/CommandInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-078/CommandInjection.ql
query: Security Features/CWE-078/CommandInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

11
csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected
View File

@@ -1,8 +1,13 @@
#select
| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | StoredXSS.cs:22:44:22:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | User-provided value |
edges
| StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | provenance | |
| StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | provenance | |
| StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:86 | call to method GetString : String | provenance | MaD:1007 |
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:2159 |
| StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | StoredXSS.cs:22:60:22:86 | call to method GetString : String | provenance | MaD:1 |
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | StoredXSS.cs:22:44:22:86 | ... + ... | provenance | Sink:MaD:2 |
models
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
nodes
| StoredXSS.cs:17:31:17:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
| StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | semmle.label | call to method ExecuteReader : SqlDataReader |
@@ -10,5 +15,3 @@ nodes
| StoredXSS.cs:22:60:22:73 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
| StoredXSS.cs:22:60:22:86 | call to method GetString : String | semmle.label | call to method GetString : String |
subpaths
#select
| StoredXSS.cs:22:44:22:86 | ... + ... | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | StoredXSS.cs:22:44:22:86 | ... + ... | $@ flows to here and is written to HTML or JavaScript. | StoredXSS.cs:17:48:17:78 | call to method ExecuteReader : SqlDataReader | User-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-079/XSS.ql
query: Security Features/CWE-079/XSS.ql
postprocess: TestUtilities/PrettyPrintModels.ql

36
csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.expected
View File

@@ -1,22 +1,38 @@
#select
| Index.cshtml:14:16:14:22 | call to operator implicit conversion | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | Index.cshtml:14:16:14:22 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteral() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
| XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteralTo() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
| XSSAspNet.cs:43:28:43:55 | access to indexer | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | User-provided value |
| XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:40:56:40:58 | foo : String | User-provided value |
| XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:51:43:51:67 | access to property Value | User-provided value |
| XSSAspNetCore.cs:58:43:58:73 | call to method ToString | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNetCore.cs:61:44:61:66 | access to indexer | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | User-provided value |
| XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | User-provided value |
edges
| Index.cshtml:5:9:5:15 | access to local variable message : StringValues | Index.cshtml:14:16:14:22 | call to operator implicit conversion | provenance | |
| Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | Index.cshtml:5:9:5:15 | access to local variable message : StringValues | provenance | |
| XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | provenance | |
| XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | provenance | |
| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | provenance | |
| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:25:19:52 | access to indexer : String | provenance | MaD:11546 |
| XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:19:25:19:52 | access to indexer : String | provenance | MaD:3 |
| XSSAspNet.cs:19:25:19:52 | access to indexer : String | XSSAspNet.cs:19:17:19:21 | access to local variable sayHi : String | provenance | |
| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | |
| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | MaD:11546 |
| XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | provenance | MaD:3 |
| XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | provenance | |
| XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | provenance | |
| XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | provenance | |
| XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | provenance | MaD:214 |
| XSSAspNetCore.cs:58:43:58:62 | access to indexer : StringValues | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | provenance | MaD:1 |
| XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | provenance | |
| XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | |
| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | |
| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | MaD:218 |
| XSSAspNetCore.cs:61:44:61:63 | access to indexer : StringValues | XSSAspNetCore.cs:61:44:61:66 | access to indexer | provenance | MaD:2 |
| XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | provenance | |
models
| 1 | Summary: Microsoft.Extensions.Primitives; StringValues; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
| 2 | Summary: Microsoft.Extensions.Primitives; StringValues; false; get_Item; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
| 3 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| Index.cshtml:5:9:5:15 | access to local variable message : StringValues | semmle.label | access to local variable message : StringValues |
| Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | semmle.label | access to property Query : IQueryCollection |
@@ -43,15 +59,3 @@ nodes
| XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | semmle.label | access to property Headers : IHeaderDictionary |
| XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | semmle.label | call to operator implicit conversion |
subpaths
#select
| Index.cshtml:14:16:14:22 | call to operator implicit conversion | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | Index.cshtml:14:16:14:22 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript: Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method. | Index.cshtml:5:19:5:31 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:26:30:26:34 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteral() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
| XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | XSSAspNet.cs:36:40:36:44 | access to local variable sayHi | $@ flows to here and is written to HTML or JavaScript: System.Web.WebPages.WebPage.WriteLiteralTo() method. | XSSAspNet.cs:19:25:19:43 | access to property QueryString : NameValueCollection | User-provided value |
| XSSAspNet.cs:43:28:43:55 | access to indexer | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | XSSAspNet.cs:43:28:43:55 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNet.cs:43:28:43:46 | access to property QueryString : NameValueCollection | User-provided value |
| XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | XSSAspNetCore.cs:21:52:21:76 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:21:52:21:64 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | XSSAspNetCore.cs:40:56:40:58 | foo : String | XSSAspNetCore.cs:44:51:44:53 | access to parameter foo | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:40:56:40:58 | foo : String | User-provided value |
| XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | XSSAspNetCore.cs:51:43:51:67 | access to property Value | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:51:43:51:67 | access to property Value | User-provided value |
| XSSAspNetCore.cs:58:43:58:73 | call to method ToString | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | XSSAspNetCore.cs:58:43:58:73 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:58:43:58:55 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNetCore.cs:61:44:61:66 | access to indexer | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | XSSAspNetCore.cs:61:44:61:66 | access to indexer | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:61:44:61:56 | access to property Query : IQueryCollection | User-provided value |
| XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:69:43:69:61 | access to property ContentType | User-provided value |
| XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | XSSAspNetCore.cs:72:51:72:72 | call to operator implicit conversion | $@ flows to here and is written to HTML or JavaScript. | XSSAspNetCore.cs:72:51:72:65 | access to property Headers : IHeaderDictionary | User-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSS.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-079/XSS.ql
query: Security Features/CWE-079/XSS.ql
postprocess: TestUtilities/PrettyPrintModels.ql

64
csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.expected
View File

@@ -1,39 +1,62 @@
#select
| XSS.cs:26:32:26:51 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:26:32:26:51 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
| XSS.cs:27:29:27:48 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:27:29:27:48 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
| XSS.cs:28:26:28:45 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:28:26:28:45 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
| XSS.cs:38:36:38:39 | access to local variable name | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:38:36:38:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:59:22:59:25 | access to local variable name | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:59:22:59:25 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:76:36:76:39 | access to local variable name | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:76:36:76:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:79:36:79:40 | access to local variable name2 | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:79:36:79:40 | access to local variable name2 | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | User-provided value |
| XSS.cs:86:28:86:31 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:86:28:86:31 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:87:31:87:34 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:87:31:87:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:95:31:95:34 | access to local variable name | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:95:31:95:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:135:20:135:33 | access to property RawUrl | User-provided value |
| script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value |
| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value |
| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value |
edges
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | provenance | |
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | provenance | |
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | provenance | |
| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | provenance | MaD:2156 |
| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | provenance | MaD:1941 |
| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | provenance | MaD:1980 |
| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | provenance | MaD:1980 |
| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | provenance | MaD:1980 |
| XSS.cs:37:20:37:23 | access to local variable name : String | XSS.cs:38:36:38:39 | access to local variable name | provenance | Sink:MaD:2159 |
| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:25:48:25:67 | access to property Text : String | provenance | MaD:4 |
| XSS.cs:25:48:25:67 | access to property Text : String | XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | provenance | MaD:2 |
| XSS.cs:26:32:26:40 | access to local variable userInput : StringBuilder | XSS.cs:26:32:26:51 | call to method ToString | provenance | MaD:3 |
| XSS.cs:27:29:27:37 | access to local variable userInput : StringBuilder | XSS.cs:27:29:27:48 | call to method ToString | provenance | MaD:3 |
| XSS.cs:28:26:28:34 | access to local variable userInput : StringBuilder | XSS.cs:28:26:28:45 | call to method ToString | provenance | MaD:3 |
| XSS.cs:37:20:37:23 | access to local variable name : String | XSS.cs:38:36:38:39 | access to local variable name | provenance | Sink:MaD:5 |
| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:20:37:23 | access to local variable name : String | provenance | |
| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | provenance | MaD:11546 |
| XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:37:27:37:61 | access to indexer : String | provenance | MaD:6 |
| XSS.cs:37:27:37:61 | access to indexer : String | XSS.cs:37:20:37:23 | access to local variable name : String | provenance | |
| XSS.cs:57:20:57:23 | access to local variable name : String | XSS.cs:59:22:59:25 | access to local variable name | provenance | |
| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:20:57:23 | access to local variable name : String | provenance | |
| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:27:57:73 | access to indexer : String | provenance | MaD:11546 |
| XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:57:27:57:73 | access to indexer : String | provenance | MaD:6 |
| XSS.cs:57:27:57:73 | access to indexer : String | XSS.cs:57:20:57:23 | access to local variable name : String | provenance | |
| XSS.cs:75:20:75:23 | access to local variable name : String | XSS.cs:76:36:76:39 | access to local variable name | provenance | |
| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:20:75:23 | access to local variable name : String | provenance | |
| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:27:75:61 | access to indexer : String | provenance | MaD:11546 |
| XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:75:27:75:61 | access to indexer : String | provenance | MaD:6 |
| XSS.cs:75:27:75:61 | access to indexer : String | XSS.cs:75:20:75:23 | access to local variable name : String | provenance | |
| XSS.cs:78:20:78:24 | access to local variable name2 : String | XSS.cs:79:36:79:40 | access to local variable name2 | provenance | |
| XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:78:20:78:24 | access to local variable name2 : String | provenance | |
| XSS.cs:85:20:85:23 | access to local variable name : String | XSS.cs:86:28:86:31 | access to local variable name | provenance | |
| XSS.cs:85:20:85:23 | access to local variable name : String | XSS.cs:87:31:87:34 | access to local variable name | provenance | |
| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:20:85:23 | access to local variable name : String | provenance | |
| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:27:85:61 | access to indexer : String | provenance | MaD:11546 |
| XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:85:27:85:61 | access to indexer : String | provenance | MaD:6 |
| XSS.cs:85:27:85:61 | access to indexer : String | XSS.cs:85:20:85:23 | access to local variable name : String | provenance | |
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:1811 |
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:23593 |
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:1 |
| XSS.cs:94:20:94:23 | access to local variable name : String | XSS.cs:95:31:95:34 | access to local variable name | provenance | Sink:MaD:7 |
| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:20:94:23 | access to local variable name : String | provenance | |
| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:27:94:61 | access to indexer : String | provenance | MaD:11546 |
| XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:94:27:94:61 | access to indexer : String | provenance | MaD:6 |
| XSS.cs:94:27:94:61 | access to indexer : String | XSS.cs:94:20:94:23 | access to local variable name : String | provenance | |
| script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | provenance | |
| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | provenance | |
| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | provenance | |
models
| 1 | Sink: System.Net.Http; StringContent; false; StringContent; ; ; Argument[0]; js-injection; manual |
| 2 | Summary: System.Text; StringBuilder; false; AppendFormat; (System.String,System.Object); ; Argument[1]; Argument[this]; taint; manual |
| 3 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
| 4 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
| 5 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
| 6 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
| 7 | Sink: System.Net.Http; StringContent; false; StringContent; (System.String); ; Argument[0]; js-injection; df-generated |
nodes
| XSS.cs:25:13:25:21 | [post] access to local variable userInput : StringBuilder | semmle.label | [post] access to local variable userInput : StringBuilder |
| XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | semmle.label | access to field categoryTextBox : TextBox |
@@ -73,18 +96,3 @@ nodes
| script.aspx:16:1:16:34 | <%= ... %> | semmle.label | <%= ... %> |
| script.aspx:20:1:20:41 | <%= ... %> | semmle.label | <%= ... %> |
subpaths
#select
| XSS.cs:26:32:26:51 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:26:32:26:51 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
| XSS.cs:27:29:27:48 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:27:29:27:48 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
| XSS.cs:28:26:28:45 | call to method ToString | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | XSS.cs:28:26:28:45 | call to method ToString | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:25:48:25:62 | access to field categoryTextBox : TextBox | User-provided value |
| XSS.cs:38:36:38:39 | access to local variable name | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | XSS.cs:38:36:38:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:37:27:37:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:59:22:59:25 | access to local variable name | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | XSS.cs:59:22:59:25 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:57:27:57:65 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:76:36:76:39 | access to local variable name | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | XSS.cs:76:36:76:39 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:75:27:75:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:79:36:79:40 | access to local variable name2 | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | XSS.cs:79:36:79:40 | access to local variable name2 | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:78:28:78:42 | access to property Request : HttpRequestBase | User-provided value |
| XSS.cs:86:28:86:31 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:86:28:86:31 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:87:31:87:34 | access to local variable name | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | XSS.cs:87:31:87:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:85:27:85:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:95:31:95:34 | access to local variable name | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | XSS.cs:95:31:95:34 | access to local variable name | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:94:27:94:53 | access to property QueryString : NameValueCollection | User-provided value |
| XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | XSS.cs:135:20:135:33 | access to property RawUrl | $@ flows to here and is written to HTML or JavaScript. | XSS.cs:135:20:135:33 | access to property RawUrl | User-provided value |
| script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | script.aspx:12:1:12:14 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:12:1:12:14 | <%= ... %> | User-provided value |
| script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | script.aspx:16:1:16:34 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:16:1:16:34 | <%= ... %> | User-provided value |
| script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | script.aspx:20:1:20:41 | <%= ... %> | $@ flows to here and is a remote source accessed inline in an ASPX page. | script.aspx:20:1:20:41 | <%= ... %> | User-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-079/XSSAsp/XSS.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-079/XSS.ql
query: Security Features/CWE-079/XSS.ql
postprocess: TestUtilities/PrettyPrintModels.ql

163
csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.expected
View File

@@ -1,77 +1,131 @@
#select
| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This query depends on $@. | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | this database input |
| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This query depends on $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | this file stream |
| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:104:42:104:52 | access to local variable queryString | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
| SqlInjection.cs:105:50:105:52 | access to local variable cmd | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:105:50:105:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
| SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | this TextBox text |
| SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | this file stream |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input |
edges
| SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | SecondOrderSqlInjection.cs:25:119:25:132 | access to local variable customerReader : SqlDataReader | provenance | |
| SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | provenance | |
| SecondOrderSqlInjection.cs:25:119:25:132 | access to local variable customerReader : SqlDataReader | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | provenance | MaD:1007 |
| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | Sink:MaD:948 |
| SecondOrderSqlInjection.cs:25:119:25:132 | access to local variable customerReader : SqlDataReader | SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | provenance | MaD:20 |
| SecondOrderSqlInjection.cs:25:119:25:145 | call to method GetString : String | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | provenance | Sink:MaD:16 |
| SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | provenance | |
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:1084 |
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:1085 |
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:21 |
| SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:33:31:33:32 | access to local variable fs : FileStream | provenance | Src:MaD:22 |
| SecondOrderSqlInjection.cs:35:37:35:38 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | provenance | |
| SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | SecondOrderSqlInjection.cs:35:37:35:38 | access to local variable sr : StreamReader | provenance | |
| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | MaD:1151 |
| SecondOrderSqlInjection.cs:35:59:35:60 | access to local variable fs : FileStream | SecondOrderSqlInjection.cs:35:42:35:76 | object creation of type StreamReader : StreamReader | provenance | MaD:24 |
| SecondOrderSqlInjection.cs:38:29:38:31 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | provenance | |
| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | MaD:1172 |
| SecondOrderSqlInjection.cs:38:35:38:36 | access to local variable sr : StreamReader | SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | provenance | MaD:25 |
| SecondOrderSqlInjection.cs:38:35:38:47 | call to method ReadLine : String | SecondOrderSqlInjection.cs:38:29:38:31 | access to local variable sql : String | provenance | |
| SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | Sink:MaD:938 |
| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | MaD:2766 |
| SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | provenance | Sink:MaD:10 |
| SecondOrderSqlInjection.cs:40:31:40:33 | access to local variable sql : String | SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | provenance | MaD:28 |
| SecondOrderSqlInjection.cs:40:31:40:40 | call to method Trim : String | SecondOrderSqlInjection.cs:40:25:40:27 | access to local variable sql : String | provenance | |
| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | Sink:MaD:951 |
| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | MaD:2156 |
| SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | SqlInjection.cs:34:50:34:55 | access to local variable query1 | provenance | Sink:MaD:18 |
| SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:33:21:33:40 | access to property Text : String | provenance | MaD:26 |
| SqlInjection.cs:33:21:33:40 | access to property Text : String | SqlInjection.cs:32:21:32:26 | access to local variable query1 : String | provenance | |
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | Sink:MaD:917 |
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 | provenance | Sink:MaD:923 |
| SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:68:33:68:52 | access to property Text : String | provenance | MaD:2156 |
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:69:56:69:61 | access to local variable query1 | provenance | Sink:MaD:7 |
| SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | SqlInjection.cs:70:55:70:60 | access to local variable query1 | provenance | Sink:MaD:8 |
| SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:68:33:68:52 | access to property Text : String | provenance | MaD:26 |
| SqlInjection.cs:68:33:68:52 | access to property Text : String | SqlInjection.cs:67:25:67:30 | access to local variable query1 : String | provenance | |
| SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | provenance | Sink:MaD:951 |
| SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | provenance | Sink:MaD:18 |
| SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:81:21:81:26 | access to local variable query1 : String | provenance | |
| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | provenance | Sink:MaD:947 |
| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | provenance | Sink:MaD:15 |
| SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | provenance | |
| SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:91:21:91:31 | access to local variable queryString : String | provenance | |
| SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd | provenance | Sink:MaD:950 |
| SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:94:50:94:52 | access to local variable cmd | provenance | Sink:MaD:17 |
| SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | SqlInjection.cs:93:21:93:23 | access to local variable cmd : SqlCommand | provenance | |
| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:953 |
| SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | provenance | Sink:MaD:947 |
| SqlInjection.cs:93:42:93:52 | access to local variable queryString : String | SqlInjection.cs:93:27:93:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:19 |
| SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | provenance | Sink:MaD:15 |
| SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString : String | provenance | |
| SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | provenance | Src:MaD:2257 |
| SqlInjection.cs:104:21:104:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:105:50:105:52 | access to local variable cmd | provenance | Sink:MaD:950 |
| SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:102:21:102:31 | access to local variable queryString : String | provenance | Src:MaD:27 |
| SqlInjection.cs:104:21:104:23 | access to local variable cmd : SqlCommand | SqlInjection.cs:105:50:105:52 | access to local variable cmd | provenance | Sink:MaD:17 |
| SqlInjection.cs:104:27:104:53 | object creation of type SqlCommand : SqlCommand | SqlInjection.cs:104:21:104:23 | access to local variable cmd : SqlCommand | provenance | |
| SqlInjection.cs:104:42:104:52 | access to local variable queryString : String | SqlInjection.cs:104:27:104:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:953 |
| SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | provenance | Sink:MaD:27 |
| SqlInjection.cs:104:42:104:52 | access to local variable queryString : String | SqlInjection.cs:104:27:104:53 | object creation of type SqlCommand : SqlCommand | provenance | MaD:19 |
| SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | provenance | Sink:MaD:4 |
| SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:20:21:20:25 | access to local variable query : String | provenance | |
| SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | provenance | Sink:MaD:37 |
| SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | provenance | Sink:MaD:5 |
| SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:29:21:29:25 | access to local variable query : String | provenance | |
| SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | provenance | Sink:MaD:48 |
| SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | provenance | Sink:MaD:6 |
| SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:38:21:38:25 | access to local variable query : String | provenance | |
| SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | provenance | Sink:MaD:17 |
| SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | provenance | Sink:MaD:1 |
| SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:47:21:47:25 | access to local variable query : String | provenance | |
| SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | provenance | Sink:MaD:21 |
| SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | provenance | Sink:MaD:3 |
| SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:57:21:57:25 | access to local variable query : String | provenance | |
| SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | provenance | Sink:MaD:18 |
| SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | provenance | Sink:MaD:2 |
| SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:66:21:66:25 | access to local variable query : String | provenance | |
| SqlInjectionDapper.cs:75:21:75:25 | access to local variable query : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | provenance | |
| SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:75:21:75:25 | access to local variable query : String | provenance | |
| SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | provenance | MaD:2156 Sink:MaD:937 |
| SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | provenance | Sink:MaD:940 |
| SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | provenance | MaD:26 Sink:MaD:9 |
| SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | provenance | Sink:MaD:11 |
| SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | SqlInjectionSqlite.cs:24:17:24:19 | access to local variable cmd : SQLiteCommand | provenance | |
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | provenance | MaD:2156 Sink:MaD:938 |
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | provenance | MaD:2156 |
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | provenance | MaD:945 |
| SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | provenance | MaD:2156 Sink:MaD:941 |
| SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | provenance | MaD:2156 Sink:MaD:942 |
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | provenance | MaD:26 Sink:MaD:10 |
| SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | provenance | MaD:26 |
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text : String | SqlInjectionSqlite.cs:24:23:24:71 | object creation of type SQLiteCommand : SQLiteCommand | provenance | MaD:14 |
| SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | provenance | MaD:26 Sink:MaD:12 |
| SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | provenance | MaD:26 Sink:MaD:13 |
| SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | provenance | |
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:1084 |
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:1085 |
| SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | provenance | MaD:2156 |
| SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | provenance | MaD:1094 |
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:21 |
| SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:49:31:49:32 | access to local variable fs : FileStream | provenance | Src:MaD:22 |
| SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | provenance | MaD:26 |
| SqlInjectionSqlite.cs:49:51:49:68 | access to property Text : String | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | provenance | MaD:23 |
| SqlInjectionSqlite.cs:51:37:51:38 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | provenance | |
| SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | SqlInjectionSqlite.cs:51:37:51:38 | access to local variable sr : StreamReader | provenance | |
| SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | provenance | MaD:1151 |
| SqlInjectionSqlite.cs:51:59:51:60 | access to local variable fs : FileStream | SqlInjectionSqlite.cs:51:42:51:76 | object creation of type StreamReader : StreamReader | provenance | MaD:24 |
| SqlInjectionSqlite.cs:54:29:54:31 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | provenance | |
| SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | provenance | MaD:1172 |
| SqlInjectionSqlite.cs:54:35:54:36 | access to local variable sr : StreamReader | SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | provenance | MaD:25 |
| SqlInjectionSqlite.cs:54:35:54:47 | call to method ReadLine : String | SqlInjectionSqlite.cs:54:29:54:31 | access to local variable sql : String | provenance | |
| SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | provenance | Sink:MaD:938 |
| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:2766 |
| SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | provenance | Sink:MaD:10 |
| SqlInjectionSqlite.cs:56:31:56:33 | access to local variable sql : String | SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | provenance | MaD:28 |
| SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | SqlInjectionSqlite.cs:56:25:56:27 | access to local variable sql : String | provenance | |
models
| 1 | Sink: Dapper; SqlMapper; false; ExecuteAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
| 2 | Sink: Dapper; SqlMapper; false; ExecuteReader; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
| 3 | Sink: Dapper; SqlMapper; false; ExecuteScalar; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
| 4 | Sink: Dapper; SqlMapper; false; Query<T>; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
| 5 | Sink: Dapper; SqlMapper; false; QueryAsync<T>; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
| 6 | Sink: Dapper; SqlMapper; false; QueryFirstAsync; (System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>); ; Argument[1]; sql-injection; manual |
| 7 | Sink: System.Data.Entity; Database; false; ExecuteSqlCommand; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual |
| 8 | Sink: System.Data.Entity; Database; false; SqlQuery<TElement>; (System.String,System.Object[]); ; Argument[0]; sql-injection; manual |
| 9 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String); ; Argument[0]; sql-injection; manual |
| 10 | Sink: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual |
| 11 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.Data.SQLite.SQLiteCommand); ; Argument[0]; sql-injection; manual |
| 12 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; sql-injection; manual |
| 13 | Sink: System.Data.SQLite; SQLiteDataAdapter; false; SQLiteDataAdapter; (System.String,System.String); ; Argument[0]; sql-injection; manual |
| 14 | Summary: System.Data.SQLite; SQLiteCommand; false; SQLiteCommand; (System.String,System.Data.SQLite.SQLiteConnection); ; Argument[0]; Argument[this]; taint; manual |
| 15 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; sql-injection; manual |
| 16 | Sink: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 17 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.Data.SqlClient.SqlCommand); ; Argument[0]; sql-injection; manual |
| 18 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 19 | Summary: System.Data.SqlClient; SqlCommand; false; SqlCommand; (System.String); ; Argument[0]; Argument[this]; taint; manual |
| 20 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
| 21 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file; manual |
| 22 | Source: System.IO; FileStream; false; FileStream; ; ; Argument[this]; file-write; manual |
| 23 | Summary: System.IO; FileStream; false; FileStream; (System.String,System.IO.FileMode); ; Argument[0]; Argument[this]; taint; manual |
| 24 | Summary: System.IO; StreamReader; false; StreamReader; (System.IO.Stream,System.Text.Encoding); ; Argument[0]; Argument[this]; taint; manual |
| 25 | Summary: System.IO; TextReader; true; ReadLine; (); ; Argument[this]; ReturnValue; taint; manual |
| 26 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
| 27 | Source: System; Console; false; ReadLine; ; ; ReturnValue; local; manual |
| 28 | Summary: System; String; false; Trim; (); ; Argument[this]; ReturnValue; taint; manual |
nodes
| SecondOrderSqlInjection.cs:20:31:20:44 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
| SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | semmle.label | call to method ExecuteReader : SqlDataReader |
@@ -164,28 +218,3 @@ nodes
| SqlInjectionSqlite.cs:56:31:56:40 | call to method Trim : String | semmle.label | call to method Trim : String |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | semmle.label | access to local variable sql |
subpaths
#select
| SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | SecondOrderSqlInjection.cs:25:71:25:145 | ... + ... | This query depends on $@. | SecondOrderSqlInjection.cs:20:48:20:78 | call to method ExecuteReader : SqlDataReader | this database input |
| SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | SecondOrderSqlInjection.cs:45:57:45:59 | access to local variable sql | This query depends on $@. | SecondOrderSqlInjection.cs:33:36:33:78 | object creation of type FileStream : FileStream | this file stream |
| SqlInjection.cs:34:50:34:55 | access to local variable query1 | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | SqlInjection.cs:34:50:34:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:33:21:33:35 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:69:56:69:61 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:69:56:69:61 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:70:55:70:60 | access to local variable query1 | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | SqlInjection.cs:70:55:70:60 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:68:33:68:47 | access to field categoryTextBox : TextBox | this ASP.NET user input |
| SqlInjection.cs:83:50:83:55 | access to local variable query1 | SqlInjection.cs:82:21:82:29 | access to property Text : String | SqlInjection.cs:83:50:83:55 | access to local variable query1 | This query depends on $@. | SqlInjection.cs:82:21:82:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:93:42:93:52 | access to local variable queryString | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:93:42:93:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:94:50:94:52 | access to local variable cmd | SqlInjection.cs:92:21:92:29 | access to property Text : String | SqlInjection.cs:94:50:94:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:92:21:92:29 | access to property Text : String | this TextBox text |
| SqlInjection.cs:104:42:104:52 | access to local variable queryString | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:104:42:104:52 | access to local variable queryString | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
| SqlInjection.cs:105:50:105:52 | access to local variable cmd | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | SqlInjection.cs:105:50:105:52 | access to local variable cmd | This query depends on $@. | SqlInjection.cs:103:21:103:38 | call to method ReadLine : String | this external |
| SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | SqlInjectionDapper.cs:21:55:21:59 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:20:86:20:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | SqlInjectionDapper.cs:30:66:30:70 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:29:86:29:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | SqlInjectionDapper.cs:39:63:39:67 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:38:86:38:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | SqlInjectionDapper.cs:49:47:49:51 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:47:86:47:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | SqlInjectionDapper.cs:58:42:58:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:57:86:57:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | SqlInjectionDapper.cs:67:42:67:46 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:66:86:66:94 | access to property Text : String | this TextBox text |
| SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | SqlInjectionDapper.cs:77:52:77:56 | access to local variable query | This query depends on $@. | SqlInjectionDapper.cs:75:86:75:94 | access to property Text : String | this TextBox text |
| SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:19:51:19:68 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:19:51:19:63 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:24:41:24:58 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:33:49:33:66 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:33:49:33:61 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:39:45:39:62 | access to property Text | This query depends on $@. | SqlInjectionSqlite.cs:39:45:39:57 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:44:45:44:47 | access to local variable cmd | This query depends on $@. | SqlInjectionSqlite.cs:24:41:24:53 | access to field untrustedData : TextBox | this ASP.NET user input |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:36:49:84 | object creation of type FileStream : FileStream | this file stream |
| SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | SqlInjectionSqlite.cs:61:53:61:55 | access to local variable sql | This query depends on $@. | SqlInjectionSqlite.cs:49:51:49:63 | access to field untrustedData : TextBox | this ASP.NET user input |

3
csharp/ql/test/query-tests/Security Features/CWE-089/SqlInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-089/SqlInjection.ql
query: Security Features/CWE-089/SqlInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

23
csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.expected
View File

@@ -1,3 +1,11 @@
#select
| LDAPInjection.cs:15:54:15:78 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:15:54:15:78 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:17:21:17:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:17:21:17:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:24:21:24:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:24:21:24:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:25:53:25:77 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:25:53:25:77 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:28:48:28:70 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:28:48:28:70 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:30:20:30:42 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:30:20:30:42 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:41:63:41:106 | ... + ... | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader : SqlDataReader | LDAPInjection.cs:41:63:41:106 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader | user-provided value |
edges
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:15:54:15:78 | ... + ... | provenance | |
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:17:21:17:45 | ... + ... | provenance | |
@@ -6,12 +14,15 @@ edges
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:28:48:28:70 | ... + ... | provenance | |
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | LDAPInjection.cs:30:20:30:42 | ... + ... | provenance | |
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | provenance | |
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:11546 |
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:2 |
| LDAPInjection.cs:12:27:12:61 | access to indexer : String | LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | provenance | |
| LDAPInjection.cs:36:27:36:40 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | provenance | |
| LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader : SqlDataReader | LDAPInjection.cs:36:27:36:40 | access to local variable customerReader : SqlDataReader | provenance | |
| LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | provenance | MaD:1007 |
| LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | LDAPInjection.cs:41:80:41:106 | call to method GetString : String | provenance | MaD:1 |
| LDAPInjection.cs:41:80:41:106 | call to method GetString : String | LDAPInjection.cs:41:63:41:106 | ... + ... | provenance | |
models
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| LDAPInjection.cs:12:16:12:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
| LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -28,11 +39,3 @@ nodes
| LDAPInjection.cs:41:80:41:93 | access to local variable customerReader : SqlDataReader | semmle.label | access to local variable customerReader : SqlDataReader |
| LDAPInjection.cs:41:80:41:106 | call to method GetString : String | semmle.label | call to method GetString : String |
subpaths
#select
| LDAPInjection.cs:15:54:15:78 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:15:54:15:78 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:17:21:17:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:17:21:17:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:24:21:24:45 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:24:21:24:45 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:25:53:25:77 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:25:53:25:77 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:28:48:28:70 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:28:48:28:70 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:30:20:30:42 | ... + ... | LDAPInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | LDAPInjection.cs:30:20:30:42 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| LDAPInjection.cs:41:63:41:106 | ... + ... | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader : SqlDataReader | LDAPInjection.cs:41:63:41:106 | ... + ... | This LDAP query depends on a $@. | LDAPInjection.cs:36:44:36:74 | call to method ExecuteReader | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-090/LDAPInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-090/LDAPInjection.ql
query: Security Features/CWE-090/LDAPInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

8
csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.expected
View File

@@ -1,13 +1,15 @@
#select
| Test.cs:15:25:15:80 | ... + ... | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:15:25:15:80 | ... + ... | This XML element depends on a $@. | Test.cs:8:27:8:49 | access to property QueryString | user-provided value |
edges
| Test.cs:8:12:8:23 | access to local variable employeeName : String | Test.cs:15:25:15:80 | ... + ... | provenance | |
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | |
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:11546 |
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:8:27:8:65 | access to indexer : String | provenance | MaD:1 |
| Test.cs:8:27:8:65 | access to indexer : String | Test.cs:8:12:8:23 | access to local variable employeeName : String | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| Test.cs:8:12:8:23 | access to local variable employeeName : String | semmle.label | access to local variable employeeName : String |
| Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| Test.cs:8:27:8:65 | access to indexer : String | semmle.label | access to indexer : String |
| Test.cs:15:25:15:80 | ... + ... | semmle.label | ... + ... |
subpaths
#select
| Test.cs:15:25:15:80 | ... + ... | Test.cs:8:27:8:49 | access to property QueryString : NameValueCollection | Test.cs:15:25:15:80 | ... + ... | This XML element depends on a $@. | Test.cs:8:27:8:49 | access to property QueryString | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-091/XMLInjection/XMLInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-091/XMLInjection.ql
query: Security Features/CWE-091/XMLInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

12
csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.expected
View File

@@ -1,9 +1,15 @@
#select
| CodeInjection.cs:29:64:29:67 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:29:64:29:67 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
| CodeInjection.cs:40:36:40:39 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:40:36:40:39 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
| CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | This code compilation depends on a $@. | CodeInjection.cs:56:36:56:44 | access to property Text | user-provided value |
edges
| CodeInjection.cs:23:16:23:19 | access to local variable code : String | CodeInjection.cs:29:64:29:67 | access to local variable code | provenance | |
| CodeInjection.cs:23:16:23:19 | access to local variable code : String | CodeInjection.cs:40:36:40:39 | access to local variable code | provenance | |
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | |
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:11546 |
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:23:23:23:53 | access to indexer : String | provenance | MaD:1 |
| CodeInjection.cs:23:23:23:53 | access to indexer : String | CodeInjection.cs:23:16:23:19 | access to local variable code : String | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| CodeInjection.cs:23:16:23:19 | access to local variable code : String | semmle.label | access to local variable code : String |
| CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -12,7 +18,3 @@ nodes
| CodeInjection.cs:40:36:40:39 | access to local variable code | semmle.label | access to local variable code |
| CodeInjection.cs:56:36:56:44 | access to property Text | semmle.label | access to property Text |
subpaths
#select
| CodeInjection.cs:29:64:29:67 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:29:64:29:67 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
| CodeInjection.cs:40:36:40:39 | access to local variable code | CodeInjection.cs:23:23:23:45 | access to property QueryString : NameValueCollection | CodeInjection.cs:40:36:40:39 | access to local variable code | This code compilation depends on a $@. | CodeInjection.cs:23:23:23:45 | access to property QueryString | user-provided value |
| CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | CodeInjection.cs:56:36:56:44 | access to property Text | This code compilation depends on a $@. | CodeInjection.cs:56:36:56:44 | access to property Text | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-094/CodeInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-094/CodeInjection.ql
query: Security Features/CWE-094/CodeInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

10
csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.expected
View File

@@ -1,10 +1,15 @@
#select
| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
edges
| ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | provenance | |
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | provenance | |
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:27:8:61 | access to indexer : String | provenance | MaD:11546 |
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:8:27:8:61 | access to indexer : String | provenance | MaD:1 |
| ResourceInjection.cs:8:27:8:61 | access to indexer : String | ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | provenance | |
| ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | provenance | |
| ResourceInjection.cs:9:16:9:31 | access to local variable connectionString : String | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| ResourceInjection.cs:8:16:8:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
| ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -13,6 +18,3 @@ nodes
| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | semmle.label | access to local variable connectionString |
| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | semmle.label | access to local variable connectionString |
subpaths
#select
| ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:11:57:11:72 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |
| ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | ResourceInjection.cs:8:27:8:49 | access to property QueryString : NameValueCollection | ResourceInjection.cs:13:42:13:57 | access to local variable connectionString | This resource descriptor depends on a $@. | ResourceInjection.cs:8:27:8:49 | access to property QueryString | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-099/ResourceInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-099/ResourceInjection.ql
query: Security Features/CWE-099/ResourceInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

25
csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.expected
View File

@@ -1,15 +1,24 @@
#select
| MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessInlineSchema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessSchemaLocation'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
edges
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:11546 |
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | provenance | MaD:2 |
| MissingXMLValidation.cs:12:34:12:75 | access to indexer : String | MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | provenance | |
| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1162 |
| MissingXMLValidation.cs:16:43:16:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | provenance | MaD:1 |
| MissingXMLValidation.cs:21:43:21:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | provenance | MaD:1 |
| MissingXMLValidation.cs:27:43:27:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | provenance | MaD:1 |
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | provenance | MaD:1 |
models
| 1 | Summary: System.IO; StringReader; false; StringReader; (System.String); ; Argument[0]; Argument[this]; taint; manual |
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| MissingXMLValidation.cs:12:16:12:30 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
| MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -23,9 +32,3 @@ nodes
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | semmle.label | object creation of type StringReader |
| MissingXMLValidation.cs:45:43:45:57 | access to local variable userProvidedXml : String | semmle.label | access to local variable userProvidedXml : String |
subpaths
#select
| MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:16:26:16:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because there is no 'XmlReaderSettings' instance specifying schema validation. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:21:26:21:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:27:26:27:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance does not specify the 'ValidationType' as 'Schema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessInlineSchema'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |
| MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString : NameValueCollection | MissingXMLValidation.cs:45:26:45:58 | object creation of type StringReader | This XML processing depends on a $@ without validation because the 'XmlReaderSettings' instance specifies 'ProcessSchemaLocation'. | MissingXMLValidation.cs:12:34:12:56 | access to property QueryString | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-112/MissingXMLValidation.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-112/MissingXMLValidation.ql
query: Security Features/CWE-112/MissingXMLValidation.ql
postprocess: TestUtilities/PrettyPrintModels.ql

8
csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.expected
View File

@@ -1,13 +1,15 @@
#select
| Test.cs:10:36:10:46 | access to local variable libraryName | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | user-provided value |
edges
| Test.cs:7:12:7:22 | access to local variable libraryName : String | Test.cs:10:36:10:46 | access to local variable libraryName | provenance | |
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | |
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:11546 |
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:7:26:7:63 | access to indexer : String | provenance | MaD:1 |
| Test.cs:7:26:7:63 | access to indexer : String | Test.cs:7:12:7:22 | access to local variable libraryName : String | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| Test.cs:7:12:7:22 | access to local variable libraryName : String | semmle.label | access to local variable libraryName : String |
| Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| Test.cs:7:26:7:63 | access to indexer : String | semmle.label | access to indexer : String |
| Test.cs:10:36:10:46 | access to local variable libraryName | semmle.label | access to local variable libraryName |
subpaths
#select
| Test.cs:10:36:10:46 | access to local variable libraryName | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | Test.cs:10:36:10:46 | access to local variable libraryName | This assembly path depends on a $@. | Test.cs:7:26:7:48 | access to property QueryString : NameValueCollection | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-114/AssemblyPathInjection/AssemblyPathInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-114/AssemblyPathInjection.ql
query: Security Features/CWE-114/AssemblyPathInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

14
csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.expected
View File

@@ -1,11 +1,18 @@
#select
| LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
| LogForging.cs:29:50:29:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:29:50:29:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
| LogForging.cs:33:26:33:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:33:26:33:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value |
edges
| LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:21:21:21:43 | ... + ... | provenance | |
| LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:29:50:29:72 | ... + ... | provenance | |
| LogForging.cs:18:16:18:23 | access to local variable username : String | LogForging.cs:33:26:33:33 | access to local variable username | provenance | |
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | |
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:11546 |
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:18:27:18:61 | access to indexer : String | provenance | MaD:1 |
| LogForging.cs:18:27:18:61 | access to indexer : String | LogForging.cs:18:16:18:23 | access to local variable username : String | provenance | |
| LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| LogForging.cs:18:16:18:23 | access to local variable username : String | semmle.label | access to local variable username : String |
| LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -16,8 +23,3 @@ nodes
| LogForgingAsp.cs:8:32:8:39 | username : String | semmle.label | username : String |
| LogForgingAsp.cs:12:21:12:43 | ... + ... | semmle.label | ... + ... |
subpaths
#select
| LogForging.cs:21:21:21:43 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:21:21:21:43 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
| LogForging.cs:29:50:29:72 | ... + ... | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:29:50:29:72 | ... + ... | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
| LogForging.cs:33:26:33:33 | access to local variable username | LogForging.cs:18:27:18:49 | access to property QueryString : NameValueCollection | LogForging.cs:33:26:33:33 | access to local variable username | This log entry depends on a $@. | LogForging.cs:18:27:18:49 | access to property QueryString | user-provided value |
| LogForgingAsp.cs:12:21:12:43 | ... + ... | LogForgingAsp.cs:8:32:8:39 | username : String | LogForgingAsp.cs:12:21:12:43 | ... + ... | This log entry depends on a $@. | LogForgingAsp.cs:8:32:8:39 | username | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-117/LogForging.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-117/LogForging.ql
query: Security Features/CWE-117/LogForging.ql
postprocess: TestUtilities/PrettyPrintModels.ql

21
csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected
View File

@@ -1,15 +1,24 @@
#select
| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | This format string depends on $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal |
| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | This format string depends on $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text |
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | This format string depends on $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string |
edges
| ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | provenance | |
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | provenance | Src:MaD:2257 |
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | provenance | Src:MaD:1 |
| UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | provenance | |
| UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | provenance | |
| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | provenance | |
| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | provenance | MaD:11546 |
| UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | provenance | MaD:2 |
| UncontrolledFormatString.cs:9:23:9:53 | access to indexer : String | UncontrolledFormatString.cs:9:16:9:19 | access to local variable path : String | provenance | |
| UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | provenance | |
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | |
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:11546 |
| UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | provenance | MaD:2 |
| UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | UncontrolledFormatStringBad.cs:9:16:9:21 | access to local variable format : String | provenance | |
models
| 1 | Source: System; Console; false; ReadLine; ; ; ReturnValue; local; manual |
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| ConsoleUncontrolledFormatString.cs:8:13:8:18 | access to local variable format : String | semmle.label | access to local variable format : String |
| ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | semmle.label | call to method ReadLine : String |
@@ -25,9 +34,3 @@ nodes
| UncontrolledFormatStringBad.cs:9:25:9:61 | access to indexer : String | semmle.label | access to indexer : String |
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | semmle.label | access to local variable format |
subpaths
#select
| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | This format string depends on $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal |
| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | This format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | This format string depends on $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text |
| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | This format string depends on $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string |

3
csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-134/UncontrolledFormatString.ql
query: Security Features/CWE-134/UncontrolledFormatString.ql
postprocess: TestUtilities/PrettyPrintModels.ql

27
csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.expected
View File

@@ -1,11 +1,24 @@
#select
| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | sensitive information |
| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | sensitive information |
| ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | sensitive information |
| ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | sensitive information |
| ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data | sensitive information |
| ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
| ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
edges
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | Sink:MaD:2159 |
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | MaD:868 Sink:MaD:2159 |
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | Sink:MaD:2 |
| ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | provenance | MaD:1 Sink:MaD:2 |
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | provenance | |
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | provenance | |
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | provenance | |
| ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | provenance | |
| ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:30:13:30:13 | access to local variable p : String | provenance | |
models
| 1 | Summary: System.ComponentModel; PropertyDescriptorCollection; false; get_Item; (System.Object); ; Argument[this].Element; ReturnValue; value; manual |
| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
nodes
| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | semmle.label | access to local variable password |
| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | semmle.label | call to method ToString |
@@ -20,13 +33,3 @@ nodes
| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | semmle.label | ... + ... |
| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | semmle.label | access to local variable p |
subpaths
#select
| ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:14:32:14:39 | access to local variable password | sensitive information |
| ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:18:32:18:44 | call to method ToString | sensitive information |
| ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:22:32:22:41 | access to property Message | sensitive information |
| ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:23:32:23:44 | call to method ToString | sensitive information |
| ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data : IDictionary | ExposureInTransmittedData.cs:24:32:24:50 | access to indexer | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:24:32:24:38 | access to property Data | sensitive information |
| ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:53:31:53 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
| ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:31:56:31:56 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
| ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:32:24:32:52 | ... + ... | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |
| ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField : String | ExposureInTransmittedData.cs:33:27:33:27 | access to local variable p | This data transmitted to the user depends on $@. | ExposureInTransmittedData.cs:30:17:30:36 | call to method GetField | sensitive information |

3
csharp/ql/test/query-tests/Security Features/CWE-201/ExposureInTransmittedData/ExposureInTransmittedData.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-201/ExposureInTransmittedData.ql
query: Security Features/CWE-201/ExposureInTransmittedData.ql
postprocess: TestUtilities/PrettyPrintModels.ql

36
csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.expected
View File

@@ -1,13 +1,25 @@
#select
| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException | exception information |
| ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException | exception information |
edges
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | Config Sink:MaD:2159 |
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:47762 Sink:MaD:2159 |
| ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | MaD:47767 Sink:MaD:2159 |
| ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | MaD:47767 |
| ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | MaD:47767 |
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | Config Sink:MaD:1 |
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | provenance | MaD:2 Sink:MaD:1 |
| ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | provenance | MaD:3 Sink:MaD:1 |
| ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | provenance | MaD:3 |
| ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | provenance | MaD:3 |
| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | Config |
| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:47762 |
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:2159 |
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | MaD:47762 Sink:MaD:2159 |
| ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | provenance | MaD:2 |
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | Config Sink:MaD:1 |
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | provenance | MaD:2 Sink:MaD:1 |
models
| 1 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
| 2 | Summary: System; Exception; false; ToString; (); ; Argument[this]; ReturnValue; taint; df-generated |
| 3 | Summary: System; Exception; true; get_StackTrace; (); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | semmle.label | access to local variable ex : Exception |
| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | semmle.label | call to method ToString |
@@ -23,11 +35,3 @@ nodes
| ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | semmle.label | object creation of type MyException : MyException |
| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | semmle.label | call to method ToString |
subpaths
#select
| ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:19:32:19:44 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:19:32:19:33 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:21:32:21:33 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex : Exception | ExceptionInformationExposure.cs:23:32:23:44 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:23:32:23:33 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException : Exception | ExceptionInformationExposure.cs:39:28:39:55 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:39:28:39:44 | access to property InnerException | exception information |
| ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:40:28:40:40 | access to property StackTrace | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:40:28:40:29 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex : Exception | ExceptionInformationExposure.cs:41:28:41:40 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:41:28:41:29 | access to local variable ex | exception information |
| ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException : MyException | ExceptionInformationExposure.cs:47:28:47:55 | call to method ToString | This information exposed to the user depends on $@. | ExceptionInformationExposure.cs:47:28:47:44 | object creation of type MyException | exception information |

3
csharp/ql/test/query-tests/Security Features/CWE-209/ExceptionInformationExposure.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-209/ExceptionInformationExposure.ql
query: Security Features/CWE-209/ExceptionInformationExposure.ql
postprocess: TestUtilities/PrettyPrintModels.ql

37
csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.expected
View File

@@ -1,22 +1,37 @@
#select
| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key |
edges
| HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:25:17:25:17 | access to local variable c : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | Sink:MaD:1859 |
| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | provenance | Sink:MaD:3 |
| HardcodedSymmetricEncryptionKey.cs:26:17:26:17 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:28:17:28:35 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | HardcodedSymmetricEncryptionKey.cs:28:17:28:35 | access to local variable byteArrayFromString : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:28:39:28:116 | call to method GetBytes : Byte[] | provenance | MaD:4 |
| HardcodedSymmetricEncryptionKey.cs:36:37:36:37 | access to local variable d : Byte[] | HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:41:50:41:50 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:44:51:44:69 | access to local variable byteArrayFromString : Byte[] | HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:50:35:50:35 | access to local variable c : Byte[] | HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | provenance | |
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:1857 |
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:39497 |
| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | Sink:MaD:1859 |
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:1858 |
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:39499 |
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:1 |
| HardcodedSymmetricEncryptionKey.cs:59:64:59:71 | password : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | provenance | Sink:MaD:5 |
| HardcodedSymmetricEncryptionKey.cs:103:57:103:59 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | provenance | Sink:MaD:3 |
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:2 |
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | provenance | Sink:MaD:6 |
models
| 1 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateDecryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-decryptor; manual |
| 2 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateEncryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-encryptor; manual |
| 3 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; set_Key; (System.Byte[]); ; Argument[0]; encryption-keyprop; manual |
| 4 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
| 5 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateDecryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-decryptor; df-generated |
| 6 | Sink: System.Security.Cryptography; SymmetricAlgorithm; true; CreateEncryptor; (System.Byte[],System.Byte[]); ; Argument[0]; encryption-encryptor; df-generated |
nodes
| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | semmle.label | array creation of type Byte[] |
@@ -38,11 +53,3 @@ nodes
| HardcodedSymmetricEncryptionKey.cs:112:63:112:65 | key : Byte[] | semmle.label | key : Byte[] |
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | semmle.label | access to parameter key |
subpaths
#select
| HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:17:21:17:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:22:23:22:99 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:31:21:31:21 | access to local variable d | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:68:87:68:94 | access to parameter password | This hard-coded $@ is used in symmetric algorithm in Decryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:108:23:108:25 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Key property assignment | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] : Byte[] | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:25:21:25:97 | array creation of type Byte[] | symmetric key |
| HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" : String | HardcodedSymmetricEncryptionKey.cs:121:87:121:89 | access to parameter key | This hard-coded $@ is used in symmetric algorithm in Encryptor(rgbKey, IV) | HardcodedSymmetricEncryptionKey.cs:28:62:28:115 | "Hello, world: here is a very bad way to create a key" | symmetric key |

3
csharp/ql/test/query-tests/Security Features/CWE-321/HardcodedSymmetricEncryptionKey/HardcodedSymmetricEncryptionKey.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-321/HardcodedEncryptionKey.ql
query: Security Features/CWE-321/HardcodedEncryptionKey.ql
postprocess: TestUtilities/PrettyPrintModels.ql

23
csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.expected
View File

@@ -1,23 +1,33 @@
#select
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next |
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next |
| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:72:31:72:39 | call to method Next | call to method Next |
| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | call to method GeneratePassword |
edges
| InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | provenance | |
| InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | InsecureRandomness.cs:28:13:28:16 | [post] access to local variable data : Byte[] [element] : Byte | provenance | |
| InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:28:23:28:43 | (...) ... : Byte | provenance | |
| InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | provenance | |
| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | provenance | MaD:1910 |
| InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | provenance | MaD:1887 |
| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | provenance | MaD:1980 |
| InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | InsecureRandomness.cs:29:13:29:18 | [post] access to local variable result : StringBuilder | provenance | MaD:2 |
| InsecureRandomness.cs:29:57:29:60 | access to local variable data : Byte[] [element] : Byte | InsecureRandomness.cs:29:27:29:61 | call to method GetString : String | provenance | MaD:1 |
| InsecureRandomness.cs:31:16:31:21 | access to local variable result : StringBuilder | InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | provenance | MaD:3 |
| InsecureRandomness.cs:31:16:31:32 | call to method ToString : String | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | provenance | |
| InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance | |
| InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | provenance | |
| InsecureRandomness.cs:60:23:60:40 | access to array element : String | InsecureRandomness.cs:60:13:60:18 | access to local variable result : String | provenance | |
| InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:60:23:60:40 | access to array element : String | provenance | Config |
| InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | MaD:2761 |
| InsecureRandomness.cs:62:16:62:21 | access to local variable result : String | InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | provenance | MaD:4 |
| InsecureRandomness.cs:62:16:62:32 | call to method ToString : String | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | provenance | |
| InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance | |
| InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | provenance | |
| InsecureRandomness.cs:72:23:72:40 | access to indexer : String | InsecureRandomness.cs:72:13:72:18 | access to local variable result : String | provenance | |
| InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:72:23:72:40 | access to indexer : String | provenance | Config |
| InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | provenance | |
models
| 1 | Summary: System.Text; Encoding; true; GetString; (System.Byte[]); ; Argument[0].Element; ReturnValue; taint; manual |
| 2 | Summary: System.Text; StringBuilder; false; Append; (System.String); ; Argument[0]; Argument[this]; taint; manual |
| 3 | Summary: System.Text; StringBuilder; false; ToString; (); ; Argument[this]; ReturnValue; taint; manual |
| 4 | Summary: System; String; false; ToString; (); ; Argument[this]; ReturnValue; value; manual |
nodes
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | semmle.label | call to method InsecureRandomString |
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | semmle.label | call to method InsecureRandomStringFromSelection |
@@ -41,8 +51,3 @@ nodes
| InsecureRandomness.cs:74:16:74:21 | access to local variable result : String | semmle.label | access to local variable result : String |
| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | semmle.label | call to method GeneratePassword |
subpaths
#select
| InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | InsecureRandomness.cs:28:29:28:43 | call to method Next : Int32 | InsecureRandomness.cs:12:27:12:50 | call to method InsecureRandomString | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:28:29:28:43 | call to method Next | call to method Next |
| InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | InsecureRandomness.cs:60:31:60:39 | call to method Next : Int32 | InsecureRandomness.cs:13:20:13:56 | call to method InsecureRandomStringFromSelection | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:60:31:60:39 | call to method Next | call to method Next |
| InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | InsecureRandomness.cs:72:31:72:39 | call to method Next : Int32 | InsecureRandomness.cs:14:20:14:54 | call to method InsecureRandomStringFromIndexer | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:72:31:72:39 | call to method Next | call to method Next |
| InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | This uses a cryptographically insecure random number generated at $@ in a security context. | InsecureRandomness.cs:80:28:80:81 | call to method GeneratePassword | call to method GeneratePassword |

3
csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.qlref
View File

@@ -1 +1,2 @@
Security Features/InsecureRandomness.ql
query: Security Features/InsecureRandomness.ql
postprocess: TestUtilities/PrettyPrintModels.ql

58
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.expected
View File

@@ -1,23 +1,35 @@
#select
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | User-provided data |
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | User-provided data |
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | $@ flows to unsafe deserializer. | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | User-provided data |
| XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | User-provided data |
edges
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1100 |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:2156 |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1100 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2156 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1100 |
| DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2156 |
| DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | provenance | MaD:1100 |
| ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | provenance | MaD:2156 |
| ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | provenance | MaD:2156 |
| XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1100 |
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:2156 |
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | provenance | MaD:1100 |
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:2156 |
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:1878 |
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | provenance | MaD:1 |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | provenance | MaD:3 |
| BinaryFormatterUntrustedInputBad.cs:12:71:12:82 | access to property Text : String | BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
| DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractJsonSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
| DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
| DataContractSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | DataContractSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | provenance | MaD:1 |
| ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | provenance | MaD:3 |
| ResourceReaderUntrustedInputBad.cs:11:77:11:85 | access to property Text : String | ResourceReaderUntrustedInputBad.cs:11:54:11:86 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | provenance | MaD:3 |
| XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | provenance | MaD:1 |
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | provenance | MaD:3 |
| XmlObjectSerializerUntrustedInputBad.cs:13:70:13:78 | access to property Text : String | XmlObjectSerializerUntrustedInputBad.cs:13:47:13:79 | call to method GetBytes : Byte[] | provenance | MaD:2 |
| XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | provenance | MaD:1 |
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | provenance | MaD:3 |
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | XmlSerializerUntrustedInputBad.cs:13:48:13:80 | call to method GetBytes : Byte[] | provenance | MaD:2 |
models
| 1 | Summary: System.IO; MemoryStream; false; MemoryStream; (System.Byte[]); ; Argument[0]; Argument[this]; taint; manual |
| 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual |
| 3 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
nodes
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | semmle.label | object creation of type MemoryStream |
| BinaryFormatterUntrustedInputBad.cs:12:48:12:83 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
@@ -46,11 +58,3 @@ nodes
| XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
| XmlSerializerUntrustedInputBad.cs:13:71:13:79 | access to property Text : String | semmle.label | access to property Text : String |
subpaths
#select
| BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | BinaryFormatterUntrustedInputBad.cs:12:31:12:84 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | BinaryFormatterUntrustedInputBad.cs:12:71:12:77 | access to parameter textBox : TextBox | User-provided data |
| DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractJsonSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractJsonSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | DataContractSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | DataContractSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | ResourceReaderUntrustedInputBad.cs:11:37:11:87 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | ResourceReaderUntrustedInputBad.cs:11:77:11:80 | access to parameter data : TextBox | User-provided data |
| UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:48 | access to property Text | $@ flows to unsafe deserializer. | UnsafeDeserializationUntrustedInputBad.cs:10:37:10:43 | access to parameter textBox : TextBox | User-provided data |
| XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | XmlObjectSerializerUntrustedInputBad.cs:13:30:13:80 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlObjectSerializerUntrustedInputBad.cs:13:70:13:73 | access to parameter data : TextBox | User-provided data |
| XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | XmlSerializerUntrustedInputBad.cs:13:31:13:81 | object creation of type MemoryStream | $@ flows to unsafe deserializer. | XmlSerializerUntrustedInputBad.cs:13:71:13:74 | access to parameter data : TextBox | User-provided data |

3
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInput/UnsafeDeserializationUntrustedInput.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
postprocess: TestUtilities/PrettyPrintModels.ql

12
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.expected
View File

@@ -1,7 +1,11 @@
#select
| Test.cs:17:46:17:54 | access to property Text | Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | $@ flows to unsafe deserializer. | Test.cs:17:46:17:49 | access to parameter data : TextBox | User-provided data |
edges
| Test.cs:9:46:9:49 | access to parameter data : TextBox | Test.cs:9:46:9:54 | access to property Text | provenance | MaD:2156 |
| Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:2156 |
| Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:2156 |
| Test.cs:9:46:9:49 | access to parameter data : TextBox | Test.cs:9:46:9:54 | access to property Text | provenance | MaD:1 |
| Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | provenance | MaD:1 |
| Test.cs:25:46:25:49 | access to parameter data : TextBox | Test.cs:25:46:25:54 | access to property Text | provenance | MaD:1 |
models
| 1 | Summary: System.Web.UI.WebControls; TextBox; false; get_Text; (); ; Argument[this]; ReturnValue; taint; manual |
nodes
| Test.cs:9:46:9:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
| Test.cs:9:46:9:54 | access to property Text | semmle.label | access to property Text |
@@ -10,5 +14,3 @@ nodes
| Test.cs:25:46:25:49 | access to parameter data : TextBox | semmle.label | access to parameter data : TextBox |
| Test.cs:25:46:25:54 | access to property Text | semmle.label | access to property Text |
subpaths
#select
| Test.cs:17:46:17:54 | access to property Text | Test.cs:17:46:17:49 | access to parameter data : TextBox | Test.cs:17:46:17:54 | access to property Text | $@ flows to unsafe deserializer. | Test.cs:17:46:17:49 | access to parameter data : TextBox | User-provided data |

3
csharp/ql/test/query-tests/Security Features/CWE-502/UnsafeDeserializationUntrustedInputNewtonsoftJson/UnsafeDeserializationUntrustedInput.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
query: Security Features/CWE-502/UnsafeDeserializationUntrustedInput.ql
postprocess: TestUtilities/PrettyPrintModels.ql

62
csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.expected
View File

@@ -1,23 +1,42 @@
#select
| UrlRedirect2.cs:14:31:14:61 | access to indexer | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect2.cs:14:31:14:53 | access to property QueryString | user-provided value |
| UrlRedirect.cs:13:31:13:61 | access to indexer | UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:13:31:13:53 | access to property QueryString | user-provided value |
| UrlRedirect.cs:38:44:38:74 | access to indexer | UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:38:44:38:66 | access to property QueryString | user-provided value |
| UrlRedirect.cs:39:47:39:77 | access to indexer | UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:47:39:69 | access to property QueryString | user-provided value |
| UrlRedirect.cs:48:29:48:31 | access to local variable url | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:48:29:48:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirect.cs:64:31:64:52 | $"..." | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:64:31:64:52 | $"..." | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirect.cs:70:31:70:69 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:70:31:70:69 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirect.cs:76:31:76:77 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:76:31:76:77 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirectCore.cs:16:22:16:26 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:31:66:31:70 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:31:66:31:70 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:37:69:37:73 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:37:69:37:73 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:40:39:40:53 | ... + ... | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:40:39:40:53 | ... + ... | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:48:28:48:32 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
| UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
| UrlRedirectCore.cs:56:31:56:35 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
edges
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | |
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | MaD:11546 |
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | provenance | MaD:5 |
| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | |
| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | MaD:11546 |
| UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | provenance | MaD:5 |
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:48:29:48:31 | access to local variable url | provenance | |
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:64:31:64:52 | $"..." | provenance | |
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:70:66:70:68 | access to local variable url : String | provenance | |
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:76:69:76:71 | access to local variable url : String | provenance | |
| UrlRedirect.cs:23:16:23:18 | access to local variable url : String | UrlRedirect.cs:76:74:76:76 | access to local variable url : String | provenance | |
| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | provenance | |
| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String | provenance | MaD:11546 |
| UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:23:22:23:52 | access to indexer : String | provenance | MaD:5 |
| UrlRedirect.cs:23:22:23:52 | access to indexer : String | UrlRedirect.cs:23:16:23:18 | access to local variable url : String | provenance | |
| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | |
| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | MaD:11546 |
| UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | provenance | MaD:5 |
| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | |
| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | MaD:11546 |
| UrlRedirect.cs:70:66:70:68 | access to local variable url : String | UrlRedirect.cs:70:31:70:69 | call to method Format | provenance | MaD:2700 |
| UrlRedirect.cs:76:69:76:71 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2702 |
| UrlRedirect.cs:76:74:76:76 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2703 |
| UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | provenance | MaD:5 |
| UrlRedirect.cs:70:66:70:68 | access to local variable url : String | UrlRedirect.cs:70:31:70:69 | call to method Format | provenance | MaD:1 |
| UrlRedirect.cs:76:69:76:71 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:2 |
| UrlRedirect.cs:76:74:76:76 | access to local variable url : String | UrlRedirect.cs:76:31:76:77 | call to method Format | provenance | MaD:3 |
| UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | provenance | |
| UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | provenance | |
| UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | provenance | |
@@ -28,7 +47,13 @@ edges
| UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | provenance | |
| UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | provenance | |
| UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | provenance | |
| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:3007 |
| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | provenance | MaD:4 |
models
| 1 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
| 2 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[1]; ReturnValue; taint; manual |
| 3 | Summary: System; String; false; Format; (System.String,System.Object,System.Object); ; Argument[2]; ReturnValue; taint; manual |
| 4 | Summary: System; Uri; false; Uri; (System.String); ; Argument[0]; Argument[this]; taint; manual |
| 5 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| UrlRedirect2.cs:14:31:14:61 | access to indexer | semmle.label | access to indexer |
@@ -62,22 +87,3 @@ nodes
| UrlRedirectCore.cs:53:40:53:44 | access to parameter value : String | semmle.label | access to parameter value : String |
| UrlRedirectCore.cs:56:31:56:35 | access to parameter value | semmle.label | access to parameter value |
subpaths
#select
| UrlRedirect2.cs:14:31:14:61 | access to indexer | UrlRedirect2.cs:14:31:14:53 | access to property QueryString : NameValueCollection | UrlRedirect2.cs:14:31:14:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect2.cs:14:31:14:53 | access to property QueryString | user-provided value |
| UrlRedirect.cs:13:31:13:61 | access to indexer | UrlRedirect.cs:13:31:13:53 | access to property QueryString : NameValueCollection | UrlRedirect.cs:13:31:13:61 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:13:31:13:53 | access to property QueryString | user-provided value |
| UrlRedirect.cs:38:44:38:74 | access to indexer | UrlRedirect.cs:38:44:38:66 | access to property QueryString : NameValueCollection | UrlRedirect.cs:38:44:38:74 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:38:44:38:66 | access to property QueryString | user-provided value |
| UrlRedirect.cs:39:47:39:77 | access to indexer | UrlRedirect.cs:39:47:39:69 | access to property QueryString : NameValueCollection | UrlRedirect.cs:39:47:39:77 | access to indexer | Untrusted URL redirection due to $@. | UrlRedirect.cs:39:47:39:69 | access to property QueryString | user-provided value |
| UrlRedirect.cs:48:29:48:31 | access to local variable url | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:48:29:48:31 | access to local variable url | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirect.cs:64:31:64:52 | $"..." | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:64:31:64:52 | $"..." | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirect.cs:70:31:70:69 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:70:31:70:69 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirect.cs:76:31:76:77 | call to method Format | UrlRedirect.cs:23:22:23:44 | access to property QueryString : NameValueCollection | UrlRedirect.cs:76:31:76:77 | call to method Format | Untrusted URL redirection due to $@. | UrlRedirect.cs:23:22:23:44 | access to property QueryString | user-provided value |
| UrlRedirectCore.cs:16:22:16:26 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:16:22:16:26 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:19:44:19:48 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:25:46:25:50 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:31:66:31:70 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:31:66:31:70 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:34:49:34:53 | call to operator implicit conversion | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:37:69:37:73 | access to parameter value | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:37:69:37:73 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:40:39:40:53 | ... + ... | UrlRedirectCore.cs:13:44:13:48 | value : String | UrlRedirectCore.cs:40:39:40:53 | ... + ... | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:13:44:13:48 | value | user-provided value |
| UrlRedirectCore.cs:48:28:48:32 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:48:28:48:32 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
| UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:53:32:53:45 | object creation of type Uri | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |
| UrlRedirectCore.cs:56:31:56:35 | access to parameter value | UrlRedirectCore.cs:45:51:45:55 | value : String | UrlRedirectCore.cs:56:31:56:35 | access to parameter value | Untrusted URL redirection due to $@. | UrlRedirectCore.cs:45:51:45:55 | value | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-601/UrlRedirect.ql
query: Security Features/CWE-601/UrlRedirect.ql
postprocess: TestUtilities/PrettyPrintModels.ql

3
csharp/ql/test/query-tests/Security Features/CWE-611/UseXmlSecureResolver.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-611/UseXmlSecureResolver.ql
query: Security Features/CWE-611/UseXmlSecureResolver.ql
postprocess: TestUtilities/PrettyPrintModels.ql

45
csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.expected
View File

@@ -1,11 +1,28 @@
#select
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:81:41:81:144 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:81:41:81:144 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
| XPathInjection.cs:84:37:84:140 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:84:37:84:140 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
edges
| XPathInjection.cs:11:16:11:23 | access to local variable userName : String | XPathInjection.cs:14:13:14:13 | access to local variable s : String | provenance | |
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | provenance | |
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:27:11:61 | access to indexer : String | provenance | MaD:11546 |
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:11:27:11:61 | access to indexer : String | provenance | MaD:2 |
| XPathInjection.cs:11:27:11:61 | access to indexer : String | XPathInjection.cs:11:16:11:23 | access to local variable userName : String | provenance | |
| XPathInjection.cs:12:16:12:23 | access to local variable password : String | XPathInjection.cs:14:13:14:13 | access to local variable s : String | provenance | |
| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:16:12:23 | access to local variable password : String | provenance | |
| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:11546 |
| XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:12:27:12:61 | access to indexer : String | provenance | MaD:2 |
| XPathInjection.cs:12:27:12:61 | access to indexer : String | XPathInjection.cs:12:16:12:23 | access to local variable password : String | provenance | |
| XPathInjection.cs:14:13:14:13 | access to local variable s : String | XPathInjection.cs:17:33:17:33 | access to local variable s | provenance | |
| XPathInjection.cs:14:13:14:13 | access to local variable s : String | XPathInjection.cs:20:29:20:29 | access to local variable s | provenance | |
@@ -19,12 +36,15 @@ edges
| XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:74:27:74:40 | access to local variable customerReader : SqlDataReader | provenance | |
| XPathInjection.cs:78:24:78:31 | access to local variable userName : String | XPathInjection.cs:81:41:81:144 | ... + ... | provenance | |
| XPathInjection.cs:78:24:78:31 | access to local variable userName : String | XPathInjection.cs:84:37:84:140 | ... + ... | provenance | |
| XPathInjection.cs:78:35:78:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:78:35:78:61 | call to method GetString : String | provenance | MaD:1007 |
| XPathInjection.cs:78:35:78:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:78:35:78:61 | call to method GetString : String | provenance | MaD:1 |
| XPathInjection.cs:78:35:78:61 | call to method GetString : String | XPathInjection.cs:78:24:78:31 | access to local variable userName : String | provenance | |
| XPathInjection.cs:79:24:79:31 | access to local variable password : String | XPathInjection.cs:81:41:81:144 | ... + ... | provenance | |
| XPathInjection.cs:79:24:79:31 | access to local variable password : String | XPathInjection.cs:84:37:84:140 | ... + ... | provenance | |
| XPathInjection.cs:79:35:79:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:79:35:79:61 | call to method GetString : String | provenance | MaD:1007 |
| XPathInjection.cs:79:35:79:48 | access to local variable customerReader : SqlDataReader | XPathInjection.cs:79:35:79:61 | call to method GetString : String | provenance | MaD:1 |
| XPathInjection.cs:79:35:79:61 | call to method GetString : String | XPathInjection.cs:79:24:79:31 | access to local variable password : String | provenance | |
models
| 1 | Summary: System.Data; IDataRecord; true; GetString; (System.Int32); ; Argument[this]; ReturnValue; taint; manual |
| 2 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| XPathInjection.cs:11:16:11:23 | access to local variable userName : String | semmle.label | access to local variable userName : String |
| XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -51,20 +71,3 @@ nodes
| XPathInjection.cs:81:41:81:144 | ... + ... | semmle.label | ... + ... |
| XPathInjection.cs:84:37:84:140 | ... + ... | semmle.label | ... + ... |
subpaths
#select
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:17:33:17:33 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:17:33:17:33 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:20:29:20:29 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:20:29:20:29 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:29:20:29:20 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:29:20:29:20 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:35:30:35:30 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:35:30:35:30 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:41:21:41:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:41:21:41:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:47:22:47:22 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:47:22:47:22 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:11:27:11:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:11:27:11:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:53:21:53:21 | access to local variable s | XPathInjection.cs:12:27:12:49 | access to property QueryString : NameValueCollection | XPathInjection.cs:53:21:53:21 | access to local variable s | This XPath expression depends on a $@. | XPathInjection.cs:12:27:12:49 | access to property QueryString | user-provided value |
| XPathInjection.cs:81:41:81:144 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:81:41:81:144 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |
| XPathInjection.cs:84:37:84:140 | ... + ... | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader : SqlDataReader | XPathInjection.cs:84:37:84:140 | ... + ... | This XPath expression depends on a $@. | XPathInjection.cs:74:44:74:74 | call to method ExecuteReader | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-643/XPathInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-643/XPathInjection.ql
query: Security Features/CWE-643/XPathInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

16
csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.expected
View File

@@ -1,3 +1,9 @@
#select
| ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
edges
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | provenance | |
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | provenance | |
@@ -5,8 +11,10 @@ edges
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | provenance | |
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | provenance | |
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | |
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:11546 |
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:11:28:11:63 | access to indexer : String | provenance | MaD:1 |
| ExponentialRegex.cs:11:28:11:63 | access to indexer : String | ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| ExponentialRegex.cs:11:16:11:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
| ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
@@ -17,9 +25,3 @@ nodes
| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | semmle.label | access to local variable userInput |
| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | semmle.label | access to local variable userInput |
subpaths
#select
| ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:15:40:15:48 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:16:42:16:50 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:19:139:19:147 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:22:43:22:51 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |
| ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | ExponentialRegex.cs:11:28:11:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:24:21:24:29 | access to local variable userInput | This regex operation with dangerous complexity depends on a $@. | ExponentialRegex.cs:11:28:11:50 | access to property QueryString | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-730/ReDoS/ReDoS.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-730/ReDoS.ql
query: Security Features/CWE-730/ReDoS.ql
postprocess: TestUtilities/PrettyPrintModels.ql

6
csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.expected
View File

@@ -1,12 +1,14 @@
#select
edges
| ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | ExponentialRegex.cs:16:40:16:48 | access to local variable userInput | provenance | |
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | |
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:11546 |
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | ExponentialRegex.cs:13:28:13:63 | access to indexer : String | provenance | MaD:1 |
| ExponentialRegex.cs:13:28:13:63 | access to indexer : String | ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| ExponentialRegex.cs:13:16:13:24 | access to local variable userInput : String | semmle.label | access to local variable userInput : String |
| ExponentialRegex.cs:13:28:13:50 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| ExponentialRegex.cs:13:28:13:63 | access to indexer : String | semmle.label | access to indexer : String |
| ExponentialRegex.cs:16:40:16:48 | access to local variable userInput | semmle.label | access to local variable userInput |
subpaths
#select

3
csharp/ql/test/query-tests/Security Features/CWE-730/ReDoSGlobalTimeout/ReDoS.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-730/ReDoS.ql
query: Security Features/CWE-730/ReDoS.ql
postprocess: TestUtilities/PrettyPrintModels.ql

8
csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.expected
View File

@@ -1,13 +1,15 @@
#select
| RegexInjection.cs:14:19:14:23 | access to local variable regex | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:14:19:14:23 | access to local variable regex | This regular expression is constructed from a $@. | RegexInjection.cs:10:24:10:46 | access to property QueryString | user-provided value |
edges
| RegexInjection.cs:10:16:10:20 | access to local variable regex : String | RegexInjection.cs:14:19:14:23 | access to local variable regex | provenance | |
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | |
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:11546 |
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:10:24:10:55 | access to indexer : String | provenance | MaD:1 |
| RegexInjection.cs:10:24:10:55 | access to indexer : String | RegexInjection.cs:10:16:10:20 | access to local variable regex : String | provenance | |
models
| 1 | Summary: System.Collections.Specialized; NameValueCollection; false; get_Item; (System.String); ; Argument[this]; ReturnValue; taint; df-generated |
nodes
| RegexInjection.cs:10:16:10:20 | access to local variable regex : String | semmle.label | access to local variable regex : String |
| RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | semmle.label | access to property QueryString : NameValueCollection |
| RegexInjection.cs:10:24:10:55 | access to indexer : String | semmle.label | access to indexer : String |
| RegexInjection.cs:14:19:14:23 | access to local variable regex | semmle.label | access to local variable regex |
subpaths
#select
| RegexInjection.cs:14:19:14:23 | access to local variable regex | RegexInjection.cs:10:24:10:46 | access to property QueryString : NameValueCollection | RegexInjection.cs:14:19:14:23 | access to local variable regex | This regular expression is constructed from a $@. | RegexInjection.cs:10:24:10:46 | access to property QueryString | user-provided value |

3
csharp/ql/test/query-tests/Security Features/CWE-730/RegexInjection/RegexInjection.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-730/RegexInjection.ql
query: Security Features/CWE-730/RegexInjection.ql
postprocess: TestUtilities/PrettyPrintModels.ql

14
csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.ql
View File

@@ -1,14 +0,0 @@
/**
* @kind path-problem
*/
import csharp
import semmle.code.csharp.security.dataflow.ConditionalBypassQuery
import codeql.dataflow.test.ProvenancePathGraph
import semmle.code.csharp.dataflow.internal.ExternalFlow
import ShowProvenance<interpretModelForTest/2, ConditionalBypass::PathNode, ConditionalBypass::PathGraph>
from ConditionalBypass::PathNode source, ConditionalBypass::PathNode sink
where ConditionalBypass::flowPath(source, sink)
select sink.getNode(), source, sink, "This condition guards a sensitive $@, but a $@ controls it.",
sink.getNode().(Sink).getSensitiveMethodCall(), "action", source.getNode(), "user-provided value"

2
csharp/ql/test/query-tests/Security Features/CWE-807/ConditionalBypass.qlref Normal file
View File

@@ -0,0 +1,2 @@
query: Security Features/CWE-807/ConditionalBypass.ql
postprocess: TestUtilities/PrettyPrintModels.ql

38
csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.expected
View File

@@ -1,19 +1,36 @@
#select
| HtmlEncode.cs:10:28:10:65 | ... + ... | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | This HTML expression may include data from a $@. | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:13:28:13:40 | call to method Encode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:66:16:66:42 | call to method Replace | possibly inappropriately encoded value |
| InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:36:22:36:59 | ... + ... | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:37:22:37:71 | call to method Format | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | This URL expression may include data from a $@. | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode | possibly inappropriately encoded value |
| SqlEncode.cs:15:46:15:50 | access to local variable query | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:15:46:15:50 | access to local variable query | This SQL expression may include data from a $@. | SqlEncode.cs:14:62:14:87 | call to method Replace | possibly inappropriately encoded value |
| UrlEncode.cs:10:31:10:69 | ... + ... | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | This URL expression may include data from a $@. | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode | possibly inappropriately encoded value |
edges
| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | provenance | Sink:MaD:2159 |
| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | provenance | Sink:MaD:2 |
| InappropriateEncoding.cs:13:13:13:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | provenance | |
| InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:13:13:13:24 | access to local variable encodedValue : String | provenance | |
| InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | provenance | Sink:MaD:951 |
| InappropriateEncoding.cs:16:17:16:22 | access to local variable query1 : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | provenance | Sink:MaD:1 |
| InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | provenance | |
| InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | provenance | |
| InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | provenance | |
| InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:34:13:34:24 | access to local variable encodedValue : String | provenance | |
| InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | provenance | MaD:2700 |
| InappropriateEncoding.cs:37:59:37:70 | access to local variable encodedValue : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | provenance | MaD:3 |
| InappropriateEncoding.cs:55:13:55:24 | access to local variable encodedValue : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | provenance | |
| InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:55:13:55:24 | access to local variable encodedValue : String | provenance | |
| InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | provenance | |
| SqlEncode.cs:14:17:14:21 | access to local variable query : String | SqlEncode.cs:15:46:15:50 | access to local variable query | provenance | Sink:MaD:951 |
| SqlEncode.cs:14:17:14:21 | access to local variable query : String | SqlEncode.cs:15:46:15:50 | access to local variable query | provenance | Sink:MaD:1 |
| SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:14:17:14:21 | access to local variable query : String | provenance | |
| UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | provenance | |
models
| 1 | Sink: System.Data.SqlClient; SqlDataAdapter; false; SqlDataAdapter; (System.String,System.Data.SqlClient.SqlConnection); ; Argument[0]; sql-injection; manual |
| 2 | Sink: System.Web; HttpResponse; false; Write; ; ; Argument[0]; html-injection; manual |
| 3 | Summary: System; String; false; Format; (System.String,System.Object); ; Argument[1]; ReturnValue; taint; manual |
nodes
| HtmlEncode.cs:10:28:10:65 | ... + ... | semmle.label | ... + ... |
| HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | semmle.label | call to method UrlEncode : String |
@@ -40,16 +57,3 @@ nodes
| UrlEncode.cs:10:31:10:69 | ... + ... | semmle.label | ... + ... |
| UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | semmle.label | call to method HtmlEncode : String |
subpaths
#select
| HtmlEncode.cs:10:28:10:65 | ... + ... | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode : String | HtmlEncode.cs:10:28:10:65 | ... + ... | This HTML expression may include data from a $@. | HtmlEncode.cs:10:40:10:65 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:13:28:13:40 | call to method Encode : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:13:28:13:40 | call to method Encode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | InappropriateEncoding.cs:66:16:66:42 | call to method Replace : String | InappropriateEncoding.cs:18:46:18:51 | access to local variable query1 | This SQL expression may include data from a $@. | InappropriateEncoding.cs:66:16:66:42 | call to method Replace | possibly inappropriately encoded value |
| InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:31:22:31:34 | call to method Encode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:32:22:32:49 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | This HTML expression may include data from a $@. | InappropriateEncoding.cs:33:22:33:73 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:35:32:35:43 | access to local variable encodedValue | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:36:22:36:59 | ... + ... | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:36:22:36:59 | ... + ... | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:37:22:37:71 | call to method Format | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode : String | InappropriateEncoding.cs:37:22:37:71 | call to method Format | This HTML expression may include data from a $@. | InappropriateEncoding.cs:34:28:34:55 | call to method UrlEncode | possibly inappropriately encoded value |
| InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode : String | InappropriateEncoding.cs:56:31:56:42 | access to local variable encodedValue | This URL expression may include data from a $@. | InappropriateEncoding.cs:55:28:55:56 | call to method HtmlEncode | possibly inappropriately encoded value |
| SqlEncode.cs:15:46:15:50 | access to local variable query | SqlEncode.cs:14:62:14:87 | call to method Replace : String | SqlEncode.cs:15:46:15:50 | access to local variable query | This SQL expression may include data from a $@. | SqlEncode.cs:14:62:14:87 | call to method Replace | possibly inappropriately encoded value |
| UrlEncode.cs:10:31:10:69 | ... + ... | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode : String | UrlEncode.cs:10:31:10:69 | ... + ... | This URL expression may include data from a $@. | UrlEncode.cs:10:43:10:69 | call to method HtmlEncode | possibly inappropriately encoded value |

3
csharp/ql/test/query-tests/Security Features/CWE-838/InappropriateEncoding.qlref
View File

@@ -1 +1,2 @@
Security Features/CWE-838/InappropriateEncoding.ql
query: Security Features/CWE-838/InappropriateEncoding.ql
postprocess: TestUtilities/PrettyPrintModels.ql