Move test files to the test folder

csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql

@@ -22,19 +22,17 @@ class HashAlgorithmProvider extends RefType {
   }
 }
 
-/** The method call `ComputeHash()` declared in `System.Security.Cryptography.SHA...`. */
+/**
-class ComputeHashMethodCall extends MethodCall {
+ * The method `ComputeHash()` declared in `System.Security.Cryptography.SHA...` and
-  ComputeHashMethodCall() {
+ * the method `HashData()` declared in `Windows.Security.Cryptography.Core.HashAlgorithmProvider`.
-    this.getQualifier().getType() instanceof SHA and
+ */
-    this.getTarget().hasName("ComputeHash")
+class HashMethod extends Method {
-  }
+  HashMethod() {
-}
+    this.getDeclaringType() instanceof SHA and
-
+    this.hasName("ComputeHash")
-/** The method call `ComputeHash()` declared in `System.Security.Cryptography.SHA...`. */
+    or
-class HashDataMethodCall extends MethodCall {
+    this.getDeclaringType() instanceof HashAlgorithmProvider and
-  HashDataMethodCall() {
+    this.hasName("HashData")
-    this.getQualifier().getType() instanceof HashAlgorithmProvider and
-    this.getTarget().hasName("HashData")
   }
 }
 
@@ -55,11 +53,9 @@ class HashWithoutSaltConfiguration extends TaintTracking::Configuration {
   override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof PasswordVarExpr }
 
   override predicate isSink(DataFlow::Node sink) {
-    exists(ComputeHashMethodCall mc |
+    exists(MethodCall mc |
-      sink.asExpr() = mc.getArgument(0) // sha256Hash.ComputeHash(rawDatabytes)
+      sink.asExpr() = mc.getArgument(0) and
-    ) or
+      mc.getTarget() instanceof HashMethod
-    exists(HashDataMethodCall mc |
-      sink.asExpr() = mc.getArgument(0) // algProv.HashData(rawDatabytes)
     )
   }
 

csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.qlref

@@ -0,0 +1 @@
+experimental/Security Features/CWE-759/HashWithoutSalt.ql