From 90db9b330f6291aad7ea56b2bdced31ce3909753 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 15 Mar 2024 15:37:03 +0100 Subject: [PATCH 1/9] C#: Add MaD source and sink test query to shared library. --- .../csharp/dataflow/internal/ExternalFlow.qll | 4 +- .../dataflow/internal/FlowSummaryImpl.qll | 8 +- .../dataflow/library/FlowSummaries.ql | 17 +++++ .../dataflow/internal/FlowSummaryImpl.qll | 75 +++++++++++++++++-- 4 files changed, 90 insertions(+), 14 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll index 5c985759b78..7e22351ee66 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll @@ -395,14 +395,14 @@ Declaration interpretElement( * A callable where there exists a MaD sink model that applies to it. */ class SinkCallable extends Callable { - SinkCallable() { SourceSinkInterpretationInput::sinkElement(this, _, _) } + SinkCallable() { SourceSinkInterpretationInput::sinkElement(this, _, _, _) } } /** * A callable where there exists a MaD source model that applies to it. */ class SourceCallable extends Callable { - SourceCallable() { SourceSinkInterpretationInput::sourceElement(this, _, _) } + SourceCallable() { SourceSinkInterpretationInput::sourceElement(this, _, _, _) } } cached diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll index 19972a86ab6..f1113e6e437 100644 --- a/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll +++ b/csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll @@ -160,20 +160,20 @@ module SourceSinkInterpretationInput implements class Element = Cs::Element; - predicate sourceElement(Element e, string output, string kind) { + predicate sourceElement(Element e, string output, string kind, Public::Provenance provenance) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | - sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, _) and + sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance) and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) } - predicate sinkElement(Element e, string input, string kind) { + predicate sinkElement(Element e, string input, string kind, Public::Provenance provenance) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | - sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, _) and + sinkModel(namespace, type, subtypes, name, signature, ext, input, kind, provenance) and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) } diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql index ee3ac53742a..76f5c8f8840 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql @@ -1,5 +1,6 @@ import shared.FlowSummaries import semmle.code.csharp.dataflow.internal.ExternalFlow +import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private::External private class IncludeAllSummarizedCallable extends IncludeSummarizedCallable { IncludeAllSummarizedCallable() { exists(this) } @@ -9,3 +10,19 @@ private class IncludeNeutralSummarizedCallable extends RelevantNeutralCallable { /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */ final override string getCallableCsv() { result = asPartialNeutralModel(this) } } + +module TestSourceSinkInput implements TestSourceSinkInputSig { + class RelevantSourceCallable instanceof SourceCallable { + string getCallableCsv() { result = asPartialModel(this) } + + string toString() { result = super.toString() } + } + + class RelevantSinkCallable instanceof SinkCallable { + string getCallableCsv() { result = asPartialModel(this) } + + string toString() { result = super.toString() } + } +} + +import TestSourceSinkOutput diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index f3e840720ab..19a33ec810a 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll @@ -1468,13 +1468,13 @@ module Make Input> { * Holds if an external source specification exists for `n` with output specification * `output` and kind `kind`. */ - predicate sourceElement(Element n, string output, string kind); + predicate sourceElement(Element n, string output, string kind, Provenance provenance); /** * Holds if an external sink specification exists for `n` with input specification * `input` and kind `kind`. */ - predicate sinkElement(Element n, string input, string kind); + predicate sinkElement(Element n, string input, string kind, Provenance provenance); class SourceOrSinkElement extends Element; @@ -1529,8 +1529,8 @@ module Make Input> { private import SourceSinkInterpretationInput private predicate sourceSinkSpec(string spec) { - sourceElement(_, spec, _) or - sinkElement(_, spec, _) + sourceElement(_, spec, _, _) or + sinkElement(_, spec, _, _) } private module AccessPath = AccessPathSyntax::AccessPath; @@ -1562,7 +1562,7 @@ module Make Input> { InterpretNode ref, SourceSinkAccessPath output, string kind ) { exists(SourceOrSinkElement e | - sourceElement(e, output, kind) and + sourceElement(e, output, kind, _) and if outputNeedsReferenceExt(output.getToken(0)) then e = ref.getCallTarget() else e = ref.asElement() @@ -1576,7 +1576,7 @@ module Make Input> { private predicate sinkElementRef(InterpretNode ref, SourceSinkAccessPath input, string kind) { exists(SourceOrSinkElement e | - sinkElement(e, input, kind) and + sinkElement(e, input, kind, _) and if inputNeedsReferenceExt(input.getToken(0)) then e = ref.getCallTarget() else e = ref.asElement() @@ -1691,6 +1691,63 @@ module Make Input> { interpretInput(input, input.getNumToken(), ref, node) ) } + + signature module TestSourceSinkInputSig { + /** + * A class or source elements relevant for testing. + */ + class RelevantSourceCallable instanceof SourceOrSinkElement { + /** Gets the string representation of this callable used by `source/1`. */ + string getCallableCsv(); + } + + /** + * A class or sink elements relevant for testing. + */ + class RelevantSinkCallable instanceof SourceOrSinkElement { + /** Gets the string representation of this callable used by `source/1`. */ + string getCallableCsv(); + } + } + + /** Provides query predicates for outputting a set of relevant sources and sinks. */ + module TestSourceSinkOutput { + private import TestSourceSinkInput + + /** + * Holds if there exists a relevant source callable with information roughly corresponding to `csv`. + * Used for testing. + * The syntax is: "namespace;type;overrides;name;signature;ext;outputspec;kind;provenance", + * ext is hardcoded to empty. + */ + query predicate source(string csv) { + exists(RelevantSourceCallable c, string output, string kind, Provenance provenance | + sourceElement(c, output, kind, provenance) and + csv = + c.getCallableCsv() // Callable information + + output + ";" // output + + kind + ";" // kind + + provenance // provenance + ) + } + + /** + * Holds if there exists a relevant sink callable with information roughly corresponding to `csv`. + * Used for testing. + * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;kind;provenance", + * ext is hardcoded to empty. + */ + query predicate sink(string csv) { + exists(RelevantSinkCallable c, string input, string kind, Provenance provenance | + sinkElement(c, input, kind, provenance) and + csv = + c.getCallableCsv() // Callable information + + input + ";" // input + + kind + ";" // kind + + provenance // provenance + ) + } + } } } @@ -1746,7 +1803,8 @@ module Make Input> { } /** - * A query predicate for outputting flow summaries in semi-colon separated format in QL tests. + * Holds if there exists a relevant summary callable with information roughly corresponding to `csv`. + * Used for testing. * The syntax is: "namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind;provenance", * ext is hardcoded to empty. */ @@ -1766,7 +1824,8 @@ module Make Input> { } /** - * Holds if a neutral model `csv` exists (semi-colon separated format). Used for testing purposes. + * Holds if there exists a relevant neutral callable with information roughly corresponding to `csv`. + * Used for testing. * The syntax is: "namespace;type;name;signature;kind;provenance"", */ query predicate neutral(string csv) { From 5b37ee4ec79ee9df2fc53d86712e218d2a634982 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 19 Mar 2024 11:37:53 +0100 Subject: [PATCH 2/9] Re-factor TestOutput into a param module. --- .../dataflow/library/FlowSummaries.ql | 17 ++-- .../dataflow/library/FlowSummariesFiltered.ql | 12 ++- .../EntityFramework/FlowSummaries.ql | 8 +- csharp/ql/test/shared/FlowSummaries.qll | 7 +- .../dataflow/internal/FlowSummaryImpl.qll | 77 ++++++++++++------- 5 files changed, 80 insertions(+), 41 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql index 76f5c8f8840..b09721b4f3f 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql @@ -1,14 +1,17 @@ import shared.FlowSummaries import semmle.code.csharp.dataflow.internal.ExternalFlow -import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private::External +import External -private class IncludeAllSummarizedCallable extends IncludeSummarizedCallable { - IncludeAllSummarizedCallable() { exists(this) } +module TestSummaryInput implements TestSummaryInputSig { + class RelevantSummarizedCallable = IncludeSummarizedCallable; } -private class IncludeNeutralSummarizedCallable extends RelevantNeutralCallable { - /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */ - final override string getCallableCsv() { result = asPartialNeutralModel(this) } +module TestNeutralInput implements TestNeutralInputSig { + class RelevantNeutralCallable instanceof NeutralCallable { + final string getCallableCsv() { result = asPartialNeutralModel(this) } + + string toString() { result = super.toString() } + } } module TestSourceSinkInput implements TestSourceSinkInputSig { @@ -25,4 +28,6 @@ module TestSourceSinkInput implements TestSourceSinkInputSig { } } +import TestSummaryOutput +import TestNeutralOutput import TestSourceSinkOutput diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql index c3584afcbc3..fe3a931b451 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql @@ -1,9 +1,13 @@ import shared.FlowSummaries private import semmle.code.csharp.dataflow.internal.ExternalFlow -class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable { - IncludeFilteredSummarizedCallable() { exists(this) } +module TestSummaryInput implements TestSummaryInputSig { + class RelevantSummarizedCallable = IncludeSummarizedCallable; +} +import TestSummaryOutput + +class IncludeFilteredSummarizedCallable extends RelevantSummarizedCallable { /** * Holds if flow is propagated between `input` and `output` and * if there is no summary for a callable in a `base` class or interface @@ -12,10 +16,10 @@ class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable { override predicate relevantSummary( SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue ) { - super.propagatesFlow(input, output, preservesValue) and + this.(SummarizedCallableImpl).propagatesFlow(input, output, preservesValue) and not exists(IncludeSummarizedCallable rsc | isBaseCallableOrPrototype(rsc) and - rsc.propagatesFlow(input, output, preservesValue) and + rsc.(SummarizedCallableImpl).propagatesFlow(input, output, preservesValue) and this.(UnboundCallable).overridesOrImplementsUnbound(rsc) ) } diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql index bef72ca30a1..b5f0aa90ed4 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql @@ -3,8 +3,12 @@ import shared.FlowSummaries import semmle.code.csharp.frameworks.EntityFramework::EntityFramework import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow -private class IncludeEFSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable -{ } +module TestSummaryInput implements TestSummaryInputSig { + class RelevantSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable + { } +} + +import TestSummaryOutput query predicate sourceNode(DataFlow::Node node, string kind) { ExternalFlow::sourceNode(node, kind) diff --git a/csharp/ql/test/shared/FlowSummaries.qll b/csharp/ql/test/shared/FlowSummaries.qll index 83a1530b028..39028ef2df7 100644 --- a/csharp/ql/test/shared/FlowSummaries.qll +++ b/csharp/ql/test/shared/FlowSummaries.qll @@ -1,13 +1,14 @@ import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Public -import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private::TestOutput private import semmle.code.csharp.dataflow.internal.ExternalFlow -abstract class IncludeSummarizedCallable extends RelevantSummarizedCallable { +class IncludeSummarizedCallable instanceof SummarizedCallableImpl { IncludeSummarizedCallable() { [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() } /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */ - final override string getCallableCsv() { result = asPartialModel(this) } + final string getCallableCsv() { result = asPartialModel(this) } + + string toString() { result = super.toString() } } diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index 19a33ec810a..9d059366513 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll @@ -1751,32 +1751,31 @@ module Make Input> { } } - /** Provides a query predicate for outputting a set of relevant flow summaries. */ - module TestOutput { - final private class SummarizedCallableImplFinal = SummarizedCallableImpl; - - /** A flow summary to include in the `summary/1` query predicate. */ - abstract class RelevantSummarizedCallable extends SummarizedCallableImplFinal { + signature module TestSummaryInputSig { + /** + * A class of callables where the flow summary should be included + * in the `summary/1` query predicate. + */ + class RelevantSummarizedCallable instanceof SummarizedCallableImpl { /** Gets the string representation of this callable used by `summary/1`. */ - abstract string getCallableCsv(); + string getCallableCsv(); + } + } + /** Provides a query predicate for outputting a set of relevant flow summaries. */ + module TestSummaryOutput { + private import TestInput + + final class RelevantSummarizedCallableFinal = TestInput::RelevantSummarizedCallable; + + class RelevantSummarizedCallable extends RelevantSummarizedCallableFinal instanceof SummarizedCallableImpl + { /** Holds if flow is propagated between `input` and `output`. */ predicate relevantSummary( SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue ) { super.propagatesFlow(input, output, preservesValue) } - } - - /** A model to include in the `neutral/1` query predicate. */ - abstract class RelevantNeutralCallable instanceof NeutralCallable { - /** Gets the string representation of this callable used by `neutral/1`. */ - abstract string getCallableCsv(); - - /** - * Gets the kind of the neutral. - */ - string getKind() { result = super.getKind() } string toString() { result = super.toString() } } @@ -1795,13 +1794,6 @@ module Make Input> { c.hasProvenance(result) } - private string renderProvenanceNeutral(NeutralCallable c) { - exists(Provenance p | p.isManual() and c.hasProvenance(p) and result = p.toString()) - or - not c.hasManualModel() and - c.hasProvenance(result) - } - /** * Holds if there exists a relevant summary callable with information roughly corresponding to `csv`. * Used for testing. @@ -1822,6 +1814,39 @@ module Make Input> { + renderProvenance(c) // provenance ) } + } + + signature module TestNeutralInputSig { + /** + * A class of callables where the neutral model should be included + * in the `neutral/1` query predicate. + */ + class RelevantNeutralCallable instanceof NeutralCallable { + /** Gets the string representation of this callable used by `neutral/1`. */ + string getCallableCsv(); + } + } + + module TestNeutralOutput { + private import TestInput + + final class RelevantNeutralCallableFinal = TestInput::RelevantNeutralCallable; + + class RelevantNeutralCallable extends RelevantNeutralCallableFinal instanceof NeutralCallable { + /** + * Gets the kind of the neutral. + */ + string getKind() { result = super.getKind() } + + string toString() { result = super.toString() } + } + + private string renderProvenance(NeutralCallable c) { + exists(Provenance p | p.isManual() and c.hasProvenance(p) and result = p.toString()) + or + not c.hasManualModel() and + c.hasProvenance(result) + } /** * Holds if there exists a relevant neutral callable with information roughly corresponding to `csv`. @@ -1833,7 +1858,7 @@ module Make Input> { csv = c.getCallableCsv() // Callable information + c.getKind() + ";" // kind - + renderProvenanceNeutral(c) // provenance + + renderProvenance(c) // provenance ) } } From e32902ad47df61966fd0888c380dae5010afc255 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 15 Mar 2024 15:39:45 +0100 Subject: [PATCH 3/9] C#: Update source expected test output. --- .../dataflow/library/FlowSummaries.expected | 77 +++++++++++++++++++ 1 file changed, 77 insertions(+) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index fc02c1916a8..af6a55c64f7 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -1,3 +1,80 @@ +source +| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder);;Argument[0];environment;manual | +| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder);;ReturnValue;environment;manual | +| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);;Argument[0];environment;manual | +| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.Action);;ReturnValue;environment;manual | +| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.String);;Argument[0];environment;manual | +| Microsoft.Extensions.Configuration;EnvironmentVariablesExtensions;false;AddEnvironmentVariables;(Microsoft.Extensions.Configuration.IConfigurationBuilder,System.String);;ReturnValue;environment;manual | +| Microsoft.Win32;Registry;false;GetValue;(System.String,System.String,System.Object);;ReturnValue;windows-registry;manual | +| Microsoft.Win32;RegistryKey;false;GetSubKeyNames;();;ReturnValue;windows-registry;manual | +| Microsoft.Win32;RegistryKey;false;GetValue;(System.String);;ReturnValue;windows-registry;manual | +| Microsoft.Win32;RegistryKey;false;GetValue;(System.String,System.Object);;ReturnValue;windows-registry;manual | +| Microsoft.Win32;RegistryKey;false;GetValue;(System.String,System.Object,Microsoft.Win32.RegistryValueOptions);;ReturnValue;windows-registry;manual | +| Microsoft.Win32;RegistryKey;false;GetValueNames;();;ReturnValue;windows-registry;manual | +| System.IO;File;false;AppendText;(System.String);;ReturnValue;file-write;manual | +| System.IO;File;false;Create;(System.String);;ReturnValue;file-write;manual | +| System.IO;File;false;Create;(System.String,System.Int32);;ReturnValue;file-write;manual | +| System.IO;File;false;Create;(System.String,System.Int32,System.IO.FileOptions);;ReturnValue;file-write;manual | +| System.IO;File;false;CreateText;(System.String);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileMode);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileMode,System.IO.FileAccess);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileStreamOptions);;ReturnValue;file-write;manual | +| System.IO;File;false;OpenWrite;(System.String);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;AppendText;();;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Create;();;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;CreateText;();;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileMode);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileMode,System.IO.FileAccess);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileStreamOptions);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;OpenWrite;();;ReturnValue;file-write;manual | +| System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess,System.Int32);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess,System.Int32);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess,System.Int32,System.Boolean);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess,System.Int32,System.Boolean);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess,System.Boolean);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess,System.Boolean);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess,System.Boolean,System.Int32);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess,System.Boolean,System.Int32);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess,System.Boolean,System.Int32,System.Boolean);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.IntPtr,System.IO.FileAccess,System.Boolean,System.Int32,System.Boolean);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions);;Argument[this];file;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileStreamOptions);;Argument[this];file-write;manual | +| System.IO;FileStream;false;FileStream;(System.String,System.IO.FileStreamOptions);;Argument[this];file;manual | +| System.IO;StreamWriter;false;StreamWriter;(System.String);;Argument[this];file-write;manual | +| System.IO;StreamWriter;false;StreamWriter;(System.String,System.Boolean);;Argument[this];file-write;manual | +| System.IO;StreamWriter;false;StreamWriter;(System.String,System.Boolean,System.Text.Encoding);;Argument[this];file-write;manual | +| System.IO;StreamWriter;false;StreamWriter;(System.String,System.Boolean,System.Text.Encoding,System.Int32);;Argument[this];file-write;manual | +| System.IO;StreamWriter;false;StreamWriter;(System.String,System.IO.FileStreamOptions);;Argument[this];file-write;manual | +| System.IO;StreamWriter;false;StreamWriter;(System.String,System.Text.Encoding,System.IO.FileStreamOptions);;Argument[this];file-write;manual | +| System.Net.Sockets;TcpClient;false;GetStream;();;ReturnValue;remote;manual | +| System;Console;false;Read;();;ReturnValue;local;manual | +| System;Console;false;ReadKey;();;ReturnValue;local;manual | +| System;Console;false;ReadKey;(System.Boolean);;ReturnValue;local;manual | +| System;Console;false;ReadLine;();;ReturnValue;local;manual | +| System;Environment;false;ExpandEnvironmentVariables;(System.String);;ReturnValue;environment;manual | +| System;Environment;false;GetCommandLineArgs;();;ReturnValue;commandargs;manual | +| System;Environment;false;GetEnvironmentVariable;(System.String);;ReturnValue;environment;manual | +| System;Environment;false;GetEnvironmentVariable;(System.String,System.EnvironmentVariableTarget);;ReturnValue;environment;manual | +| System;Environment;false;GetEnvironmentVariables;();;ReturnValue;environment;manual | +| System;Environment;false;GetEnvironmentVariables;(System.EnvironmentVariableTarget);;ReturnValue;environment;manual | +| System;Environment;false;get_CommandLine;();;ReturnValue;commandargs;manual | summary | Dapper;CustomPropertyTypeMap;false;CustomPropertyTypeMap;(System.Type,System.Func);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | Dapper;DynamicParameters;false;Output;(T,System.Linq.Expressions.Expression>,System.Nullable,System.Nullable);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | From b39842501adfea160697dfe6dab99aa0861740ef Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 15 Mar 2024 15:50:01 +0100 Subject: [PATCH 4/9] C#: Update sink test expected output. --- .../dataflow/library/FlowSummaries.expected | 533 ++++++++++++++++++ 1 file changed, 533 insertions(+) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index af6a55c64f7..30396dbf410 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -75,6 +75,539 @@ source | System;Environment;false;GetEnvironmentVariables;();;ReturnValue;environment;manual | | System;Environment;false;GetEnvironmentVariables;(System.EnvironmentVariableTarget);;ReturnValue;environment;manual | | System;Environment;false;get_CommandLine;();;ReturnValue;commandargs;manual | +sink +| Dapper;SqlMapper;false;Execute;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteReader;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteReaderAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteScalar;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteScalar;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteScalarAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;ExecuteScalarAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;Query;(System.Data.IDbConnection,System.String,System.Type[],System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryAsync;(System.Data.IDbConnection,System.String,System.Type[],System.Func,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirst;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirst;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirst;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstOrDefault;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstOrDefault;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstOrDefault;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QueryFirstOrDefaultAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryMultiple;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QueryMultipleAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingle;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingle;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingle;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleOrDefault;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleOrDefault;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleOrDefault;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[2];sql-injection;manual | +| Dapper;SqlMapper;false;QuerySingleOrDefaultAsync;(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable,System.Nullable);;Argument[1];sql-injection;manual | +| Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;false;ExecuteSqlRaw;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;false;ExecuteSqlRaw;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[]);;Argument[1];sql-injection;manual | +| Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;false;ExecuteSqlRawAsync;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;false;ExecuteSqlRawAsync;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[]);;Argument[1];sql-injection;manual | +| Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;false;ExecuteSqlRawAsync;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| Microsoft.EntityFrameworkCore;RelationalQueryableExtensions;false;FromSqlRaw;(Microsoft.EntityFrameworkCore.DbSet,System.String,System.Object[]);;Argument[1];sql-injection;manual | +| ServiceStack.Messaging;BackgroundMqClient;false;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack.Messaging;BackgroundMqClient;false;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack.Messaging;BackgroundMqClient;false;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack.Messaging;InMemoryMessageQueueClient;false;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack.Messaging;InMemoryMessageQueueClient;false;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack.Messaging;InMemoryMessageQueueClient;false;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack.Messaging;RedisMessageProducer;false;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack.Messaging;RedisMessageProducer;false;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack.Messaging;RedisMessageProducer;false;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack.Messaging;RedisMessageQueueClient;false;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack.Messaging;RedisMessageQueueClient;false;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack.Messaging;RedisMessageQueueClient;false;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack.OrmLite;IUntypedSqlExpression;true;UnsafeAnd;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;IUntypedSqlExpression;true;UnsafeFrom;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;IUntypedSqlExpression;true;UnsafeOr;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;IUntypedSqlExpression;true;UnsafeSelect;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;IUntypedSqlExpression;true;UnsafeWhere;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Column;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Column;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ColumnDistinct;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ColumnDistinct;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ColumnLazy;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ColumnLazy;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Dictionary;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ExecuteNonQuery;(System.Data.IDbConnection,System.String);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ExecuteNonQuery;(System.Data.IDbConnection,System.String,System.Action);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ExecuteNonQuery;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;ExecuteNonQuery;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Exists;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Lookup;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Lookup;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Scalar;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Scalar;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Select;(System.Data.IDbConnection,System.String);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Select;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Select;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Select;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Select;(System.Data.IDbConnection,System.Type,System.String,System.Object);;Argument[2];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SelectLazy;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SelectNonDefaults;(System.Data.IDbConnection,System.String,T);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Single;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;Single;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlColumn;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlColumn;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlColumn;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlList;(System.Data.IDbConnection,System.String,System.Action);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlList;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlList;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlList;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlScalar;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlScalar;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApi;false;SqlScalar;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ColumnAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ColumnAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ColumnDistinctAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ColumnDistinctAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;DictionaryAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ExecuteNonQueryAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ExecuteNonQueryAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ExecuteNonQueryAsync;(System.Data.IDbConnection,System.String,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ExistsAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;KeyValuePairsAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;KeyValuePairsAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;LookupAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;LookupAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ScalarAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;ScalarAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SelectAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SelectAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SelectAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SelectAsync;(System.Data.IDbConnection,System.String,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SelectAsync;(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken);;Argument[2];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SelectNonDefaultsAsync;(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SingleAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SingleAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlColumnAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlColumnAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlColumnAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlListAsync;(System.Data.IDbConnection,System.String,System.Action,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlListAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlListAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlListAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlScalarAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlScalarAsync;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadApiAsync;false;SqlScalarAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadExpressionsApi;false;RowCount;(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadExpressionsApi;false;RowCount;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteReadExpressionsApiAsync;false;RowCountAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteWriteApi;false;ExecuteSql;(System.Data.IDbConnection,System.String);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteWriteApi;false;ExecuteSql;(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteWriteApi;false;ExecuteSql;(System.Data.IDbConnection,System.String,System.Object);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteWriteApiAsync;false;ExecuteSqlAsync;(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;OrmLiteWriteApiAsync;false;ExecuteSqlAsync;(System.Data.IDbConnection,System.String,System.Threading.CancellationToken);;Argument[1];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeAnd;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeFrom;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeGroupBy;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeHaving;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeOr;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeOrderBy;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeSelect;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeSelect;(System.String,System.Boolean);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;SqlExpression;true;UnsafeWhere;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;UntypedSqlExpressionProxy;false;UnsafeAnd;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;UntypedSqlExpressionProxy;false;UnsafeFrom;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;UntypedSqlExpressionProxy;false;UnsafeOr;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;UntypedSqlExpressionProxy;false;UnsafeSelect;(System.String);;Argument[0];sql-injection;manual | +| ServiceStack.OrmLite;UntypedSqlExpressionProxy;false;UnsafeWhere;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| ServiceStack.Redis;IRedisClient;true;Custom;(System.Object[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLua;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLua;(System.String,System.String[],System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLuaAsInt;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLuaAsInt;(System.String,System.String[],System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLuaAsList;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLuaAsList;(System.String,System.String[],System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLuaAsString;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;ExecLuaAsString;(System.String,System.String[],System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClient;true;LoadLuaScript;(System.String);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;CustomAsync;(System.Object[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;CustomAsync;(System.Object[],System.Threading.CancellationToken);;Argument[0].Element;code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsIntAsync;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsIntAsync;(System.String,System.String[],System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsIntAsync;(System.String,System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsListAsync;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsListAsync;(System.String,System.String[],System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsListAsync;(System.String,System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsStringAsync;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsStringAsync;(System.String,System.String[],System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsStringAsync;(System.String,System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsync;(System.String,System.String[]);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsync;(System.String,System.String[],System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;ExecLuaAsync;(System.String,System.String[],System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Redis;IRedisClientAsync;true;LoadLuaScriptAsync;(System.String,System.Threading.CancellationToken);;Argument[0];code-injection;manual | +| ServiceStack.Testing;MockRestGateway;false;Delete;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack.Testing;MockRestGateway;false;Get;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack.Testing;MockRestGateway;false;Post;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack.Testing;MockRestGateway;false;Put;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack.Testing;MockRestGateway;false;Send;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;CustomMethod;(System.String,ServiceStack.IReturnVoid);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;CustomMethod;(System.String,ServiceStack.IReturn);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;CustomMethod;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;CustomMethodAsync;(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;CustomMethodAsync;(System.String,ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;CustomMethodAsync;(System.String,System.Object,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Delete;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Delete;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Delete;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;DeleteAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;DeleteAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;DeleteAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Get;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Get;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Get;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;GetAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;GetAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;GetAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Patch;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Patch;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Patch;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Patch;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PatchAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PatchAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PatchAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Post;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Post;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Post;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Post;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PostAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PostAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PostAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PublishAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PublishAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Put;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Put;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Put;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Put;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PutAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PutAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;PutAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;Send;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;CachedServiceClient;false;SendAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;CachedServiceClient;false;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack;CachedServiceClient;false;SendAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;CachedServiceClient;false;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;EncryptedServiceClient;false;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;EncryptedServiceClient;false;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;EncryptedServiceClient;false;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;EncryptedServiceClient;false;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;IOneWayClient;true;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack;IOneWayClient;true;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IOneWayClient;true;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClient;true;Patch;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClient;true;Post;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClient;true;Put;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClient;true;Send;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;CustomMethodAsync;(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;CustomMethodAsync;(System.String,ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;CustomMethodAsync;(System.String,System.Object,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;DeleteAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;DeleteAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;DeleteAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;GetAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;GetAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;GetAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PatchAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PatchAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PatchAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PostAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PostAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PostAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PutAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PutAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientAsync;true;PutAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;CustomMethod;(System.String,ServiceStack.IReturnVoid);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClientSync;true;CustomMethod;(System.String,ServiceStack.IReturn);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClientSync;true;CustomMethod;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Delete;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Delete;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Delete;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Get;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Get;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Get;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Patch;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Patch;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Patch;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Post;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Post;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Post;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Put;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Put;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestClientSync;true;Put;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGateway;true;Delete;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGateway;true;Get;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGateway;true;Post;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGateway;true;Put;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGateway;true;Send;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGatewayAsync;true;DeleteAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGatewayAsync;true;GetAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGatewayAsync;true;PostAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGatewayAsync;true;PutAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IRestGatewayAsync;true;SendAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IServiceGateway;true;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IServiceGateway;true;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;IServiceGateway;true;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;IServiceGateway;true;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;IServiceGatewayAsync;true;PublishAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;IServiceGatewayAsync;true;PublishAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;IServiceGatewayAsync;true;SendAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;IServiceGatewayAsync;true;SendAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;PublishAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;PublishAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;SendAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;InProcessServiceGateway;false;SendAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;CustomMethod;(System.String,ServiceStack.IReturnVoid);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;CustomMethod;(System.String,ServiceStack.IReturn);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;CustomMethod;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;CustomMethodAsync;(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;CustomMethodAsync;(System.String,ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;CustomMethodAsync;(System.String,System.Object,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Delete;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Delete;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Delete;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;DeleteAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;DeleteAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;DeleteAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Get;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Get;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Get;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;GetAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;GetAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;GetAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Patch;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Patch;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Patch;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Patch;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PatchAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PatchAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PatchAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Post;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Post;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Post;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Post;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PostAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PostAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PostAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;JsonApiClient;false;PublishAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;JsonApiClient;false;PublishAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Put;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Put;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Put;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Put;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PutAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PutAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;PutAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;Send;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;JsonApiClient;false;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;JsonApiClient;false;SendAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;JsonApiClient;false;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack;JsonApiClient;false;SendAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;JsonApiClient;false;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;false;DownloadBytes;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;ServiceClientBase;false;DownloadBytesAsync;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;ServiceClientBase;false;Publish;(ServiceStack.Messaging.IMessage);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;false;Publish;(T);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;false;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceClientBase;false;PublishAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceClientBase;false;PublishAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;false;SendAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethod;(System.String,ServiceStack.IReturnVoid);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethod;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethod;(System.String,ServiceStack.IReturn);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethod;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethod;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethodAsync;(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethodAsync;(System.String,ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethodAsync;(System.String,System.Object,System.Threading.CancellationToken);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;CustomMethodAsync;(System.String,System.String,System.Object,System.Threading.CancellationToken);;Argument[2];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Delete;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Delete;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Delete;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Delete;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;DeleteAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;DeleteAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;DeleteAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Get;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Get;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Get;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Get;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;GetAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;GetAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;GetAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Head;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Head;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Patch;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Patch;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Patch;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Patch;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Patch;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PatchAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PatchAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PatchAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Post;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Post;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Post;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Post;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Post;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PostAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PostAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PostAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Put;(ServiceStack.IReturnVoid);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Put;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Put;(ServiceStack.IReturn);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Put;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Put;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PutAsync;(ServiceStack.IReturnVoid,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PutAsync;(ServiceStack.IReturn,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;PutAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;Send;(System.String,System.String,System.Object);;Argument[2];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceClientBase;true;SendAllOneWay;(System.Collections.Generic.IEnumerable);;Argument[1].Element;file-content-store;manual | +| ServiceStack;ServiceClientBase;true;SendAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;SendOneWay;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceClientBase;true;SendOneWay;(System.String,System.Object);;Argument[1];file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;Publish;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;PublishAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;PublishAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;PublishAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;Send;(System.Object);;Argument[0];file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;SendAll;(System.Collections.Generic.IEnumerable);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;SendAllAsync;(System.Collections.Generic.IEnumerable,System.Threading.CancellationToken);;Argument[0].Element;file-content-store;manual | +| ServiceStack;ServiceGatewayFactoryBase;false;SendAsync;(System.Object,System.Threading.CancellationToken);;Argument[0];file-content-store;manual | +| System.Data.Entity;Database;false;ExecuteSqlCommand;(System.Data.Entity.TransactionalBehavior,System.String,System.Object[]);;Argument[1];sql-injection;manual | +| System.Data.Entity;Database;false;ExecuteSqlCommand;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| System.Data.Entity;Database;false;ExecuteSqlCommandAsync;(System.Data.Entity.TransactionalBehavior,System.String,System.Object[]);;Argument[1];sql-injection;manual | +| System.Data.Entity;Database;false;ExecuteSqlCommandAsync;(System.Data.Entity.TransactionalBehavior,System.String,System.Threading.CancellationToken,System.Object[]);;Argument[1];sql-injection;manual | +| System.Data.Entity;Database;false;ExecuteSqlCommandAsync;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| System.Data.Entity;Database;false;ExecuteSqlCommandAsync;(System.String,System.Threading.CancellationToken,System.Object[]);;Argument[0];sql-injection;manual | +| System.Data.Entity;Database;false;SqlQuery;(System.Type,System.String,System.Object[]);;Argument[1];sql-injection;manual | +| System.Data.Entity;Database;false;SqlQuery;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| System.Data.Entity;DbSet;true;SqlQuery;(System.String,System.Object[]);;Argument[0];sql-injection;manual | +| System.Data.SqlClient;SqlCommand;false;SqlCommand;(System.String);;Argument[0];sql-injection;manual | +| System.Data.SqlClient;SqlCommand;false;SqlCommand;(System.String,System.Data.SqlClient.SqlConnection);;Argument[0];sql-injection;manual | +| System.Data.SqlClient;SqlCommand;false;SqlCommand;(System.String,System.Data.SqlClient.SqlConnection,System.Data.SqlClient.SqlTransaction);;Argument[0];sql-injection;manual | +| System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.Data.SqlClient.SqlCommand);;Argument[0];sql-injection;manual | +| System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.String,System.Data.SqlClient.SqlConnection);;Argument[0];sql-injection;manual | +| System.Data.SqlClient;SqlDataAdapter;false;SqlDataAdapter;(System.String,System.String);;Argument[0];sql-injection;manual | +| System.Net.Http;StringContent;false;StringContent;(System.String);;Argument[0];js-injection;df-generated | +| System.Net.Http;StringContent;false;StringContent;(System.String);;Argument[0];js-injection;manual | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);;Argument[0];js-injection;df-generated | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Net.Http.Headers.MediaTypeHeaderValue);;Argument[0];js-injection;manual | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Text.Encoding);;Argument[0];js-injection;df-generated | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Text.Encoding);;Argument[0];js-injection;manual | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Text.Encoding,System.Net.Http.Headers.MediaTypeHeaderValue);;Argument[0];js-injection;manual | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Text.Encoding,System.String);;Argument[0];js-injection;df-generated | +| System.Net.Http;StringContent;false;StringContent;(System.String,System.Text.Encoding,System.String);;Argument[0];js-injection;manual | +| System.Security.Cryptography;AesCng;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;AesCng;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;AesCng;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;AesCng;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;AesCng;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;AesCryptoServiceProvider;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;AesCryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;df-generated | +| System.Security.Cryptography;AesCryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;AesCryptoServiceProvider;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;AesCryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;df-generated | +| System.Security.Cryptography;AesCryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;AesCryptoServiceProvider;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;df-generated | +| System.Security.Cryptography;AesCryptoServiceProvider;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;AesManaged;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;AesManaged;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;df-generated | +| System.Security.Cryptography;AesManaged;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;AesManaged;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;AesManaged;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;df-generated | +| System.Security.Cryptography;AesManaged;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;AesManaged;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;df-generated | +| System.Security.Cryptography;AesManaged;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;DES;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;df-generated | +| System.Security.Cryptography;DES;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;DESCryptoServiceProvider;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;DESCryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;df-generated | +| System.Security.Cryptography;DESCryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;DESCryptoServiceProvider;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;DESCryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;df-generated | +| System.Security.Cryptography;DESCryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;RC2CryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;df-generated | +| System.Security.Cryptography;RC2CryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;RC2CryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;df-generated | +| System.Security.Cryptography;RC2CryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;RijndaelManaged;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;RijndaelManaged;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;df-generated | +| System.Security.Cryptography;RijndaelManaged;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;RijndaelManaged;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;RijndaelManaged;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;df-generated | +| System.Security.Cryptography;RijndaelManaged;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;RijndaelManaged;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;df-generated | +| System.Security.Cryptography;RijndaelManaged;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;SymmetricAlgorithm;true;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;SymmetricAlgorithm;true;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;SymmetricAlgorithm;true;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;SymmetricAlgorithm;true;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;SymmetricAlgorithm;true;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;TripleDES;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;df-generated | +| System.Security.Cryptography;TripleDES;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;TripleDESCng;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;TripleDESCng;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;TripleDESCng;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;TripleDESCng;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;TripleDESCng;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;CreateDecryptor;();;Argument[this];encryption-decryptor;df-generated | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;df-generated | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;CreateDecryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-decryptor;manual | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;CreateEncryptor;();;Argument[this];encryption-encryptor;df-generated | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;df-generated | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;CreateEncryptor;(System.Byte[],System.Byte[]);;Argument[0];encryption-encryptor;manual | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;df-generated | +| System.Security.Cryptography;TripleDESCryptoServiceProvider;false;set_Key;(System.Byte[]);;Argument[0];encryption-keyprop;manual | +| System.Web;HttpResponse;false;Write;(System.Object);;Argument[0];html-injection;manual | +| System.Web;HttpResponse;false;Write;(System.String);;Argument[0];html-injection;manual | +| System.Web;HttpResponse;false;WriteFile;(System.String);;Argument[0];html-injection;manual | summary | Dapper;CustomPropertyTypeMap;false;CustomPropertyTypeMap;(System.Type,System.Func);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | Dapper;DynamicParameters;false;Output;(T,System.Linq.Expressions.Expression>,System.Nullable,System.Nullable);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | From d24f032d976778c25cee1ea74efb5ebbf9acc54d Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 18 Mar 2024 12:54:04 +0100 Subject: [PATCH 5/9] C#: Update other tests. --- .../dataflow/library/FlowSummariesFiltered.expected | 2 -- .../frameworks/EntityFramework/FlowSummaries.expected | 1 - 2 files changed, 3 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 4dec1bdd7d1..cf17fed3269 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -1,4 +1,3 @@ -summary | Dapper;CustomPropertyTypeMap;false;CustomPropertyTypeMap;(System.Type,System.Func);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | Dapper;DynamicParameters;false;Output;(T,System.Linq.Expressions.Expression>,System.Nullable,System.Nullable);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | Dapper;SqlMapper+GridReader;false;GridReader;(System.Data.IDbCommand,System.Data.Common.DbDataReader,Dapper.SqlMapper+Identity,System.Action,System.Object,System.Boolean,System.Threading.CancellationToken);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | @@ -16125,4 +16124,3 @@ summary | System;ValueTuple;false;ToString;();;Argument[this];ReturnValue;taint;df-generated | | System;ValueTuple;false;ValueTuple;(T1);;Argument[0];Argument[this].Field[System.ValueTuple`1.Item1];value;manual | | System;ValueTuple;false;get_Item;(System.Int32);;Argument[this].Field[System.ValueTuple`1.Item1];ReturnValue;value;manual | -neutral diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected index 8522487dff7..db1bacefb33 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.expected @@ -170,7 +170,6 @@ summary | System.Data.Entity;DbContext;false;SaveChangesAsync;(System.Threading.CancellationToken);;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Id];SyntheticGlobal[EFTests.MyContext.Persons#ReturnValue.Element.Property[EFTests.Person.Id]];value;manual | | System.Data.Entity;DbContext;false;SaveChangesAsync;(System.Threading.CancellationToken);;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Name];SyntheticGlobal[EFTests.MyContext.PersonAddresses#ReturnValue.Element.Property[EFTests.PersonAddressMap.Person].Property[EFTests.Person.Name]];value;manual | | System.Data.Entity;DbContext;false;SaveChangesAsync;(System.Threading.CancellationToken);;Argument[this].Property[EFTests.MyContext.Persons].Element.Property[EFTests.Person.Name];SyntheticGlobal[EFTests.MyContext.Persons#ReturnValue.Element.Property[EFTests.Person.Name]];value;manual | -neutral sourceNode sinkNode | EntityFrameworkCore.cs:72:36:72:40 | "sql" | sql-injection | From 70c674494409c4d29563d35a34fbbc6c01abedaa Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Mon, 18 Mar 2024 13:04:45 +0100 Subject: [PATCH 6/9] Java/Go/Swift: Sync changes. --- go/ql/lib/semmle/go/dataflow/ExternalFlow.qll | 4 ++-- .../semmle/go/dataflow/internal/FlowSummaryImpl.qll | 12 ++++++++---- .../code/java/dataflow/internal/FlowSummaryImpl.qll | 8 ++++---- .../modeleditor/FrameworkModeEndpointsQuery.qll | 4 ++-- .../swift/dataflow/internal/FlowSummaryImpl.qll | 12 ++++++++---- 5 files changed, 24 insertions(+), 16 deletions(-) diff --git a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll index cacad869509..ba5270483fc 100644 --- a/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll +++ b/go/ql/lib/semmle/go/dataflow/ExternalFlow.qll @@ -299,8 +299,8 @@ predicate hasExternalSpecification(Function f) { f = any(SummarizedCallable sc).asFunction() or exists(SourceSinkInterpretationInput::SourceOrSinkElement e | f = e.asEntity() | - SourceSinkInterpretationInput::sourceElement(e, _, _) or - SourceSinkInterpretationInput::sinkElement(e, _, _) + SourceSinkInterpretationInput::sourceElement(e, _, _, _) or + SourceSinkInterpretationInput::sinkElement(e, _, _, _) ) } diff --git a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll index cbf33afff25..1c7ef2e362c 100644 --- a/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll +++ b/go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll @@ -103,11 +103,13 @@ module SourceSinkInterpretationInput implements * Holds if an external source specification exists for `e` with output specification * `output`, kind `kind`, and provenance `provenance`. */ - predicate sourceElement(SourceOrSinkElement e, string output, string kind) { + predicate sourceElement( + SourceOrSinkElement e, string output, string kind, Public::Provenance provenance + ) { exists( string package, string type, boolean subtypes, string name, string signature, string ext | - sourceModel(package, type, subtypes, name, signature, ext, output, kind, _) and + sourceModel(package, type, subtypes, name, signature, ext, output, kind, provenance) and e = interpretElement(package, type, subtypes, name, signature, ext) ) } @@ -116,11 +118,13 @@ module SourceSinkInterpretationInput implements * Holds if an external sink specification exists for `e` with input specification * `input`, kind `kind` and provenance `provenance`. */ - predicate sinkElement(SourceOrSinkElement e, string input, string kind) { + predicate sinkElement( + SourceOrSinkElement e, string input, string kind, Public::Provenance provenance + ) { exists( string package, string type, boolean subtypes, string name, string signature, string ext | - sinkModel(package, type, subtypes, name, signature, ext, input, kind, _) and + sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and e = interpretElement(package, type, subtypes, name, signature, ext) ) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll index d5364567d88..0fbe7c3a1d1 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll @@ -192,12 +192,12 @@ module SourceSinkInterpretationInput implements class Element = J::Element; - predicate sourceElement(Element e, string output, string kind) { + predicate sourceElement(Element e, string output, string kind, Public::Provenance provenance) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, SourceOrSinkElement baseSource, string originalOutput | - sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, _) and + sourceModel(namespace, type, subtypes, name, signature, ext, originalOutput, kind, provenance) and baseSource = interpretElement(namespace, type, subtypes, name, signature, ext) and ( e = baseSource and output = originalOutput @@ -207,12 +207,12 @@ module SourceSinkInterpretationInput implements ) } - predicate sinkElement(Element e, string input, string kind) { + predicate sinkElement(Element e, string input, string kind, Public::Provenance provenance) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, SourceOrSinkElement baseSink, string originalInput | - sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, _) and + sinkModel(namespace, type, subtypes, name, signature, ext, originalInput, kind, provenance) and baseSink = interpretElement(namespace, type, subtypes, name, signature, ext) and ( e = baseSink and originalInput = input diff --git a/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll b/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll index d8af480c6d3..76c727a4bf5 100644 --- a/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll +++ b/java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll @@ -8,7 +8,7 @@ private import ModelEditor * A class of effectively public callables from source code. */ class PublicEndpointFromSource extends Endpoint, ModelApi { - override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _) } + override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _) } - override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _) } + override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _) } } diff --git a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll index 1151a7aeec8..0a8c8605472 100644 --- a/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll +++ b/swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll @@ -119,11 +119,13 @@ module SourceSinkInterpretationInput implements * Holds if an external source specification exists for `e` with output specification * `output`, kind `kind`, and provenance `provenance`. */ - predicate sourceElement(SourceOrSinkElement e, string output, string kind) { + predicate sourceElement( + SourceOrSinkElement e, string output, string kind, Public::Provenance provenance + ) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext | - sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, _) and + sourceModel(namespace, type, subtypes, name, signature, ext, output, kind, provenance) and e = interpretElement(namespace, type, subtypes, name, signature, ext) ) } @@ -132,11 +134,13 @@ module SourceSinkInterpretationInput implements * Holds if an external sink specification exists for `e` with input specification * `input`, kind `kind` and provenance `provenance`. */ - predicate sinkElement(SourceOrSinkElement e, string input, string kind) { + predicate sinkElement( + SourceOrSinkElement e, string input, string kind, Public::Provenance provenance + ) { exists( string package, string type, boolean subtypes, string name, string signature, string ext | - sinkModel(package, type, subtypes, name, signature, ext, input, kind, _) and + sinkModel(package, type, subtypes, name, signature, ext, input, kind, provenance) and e = interpretElement(package, type, subtypes, name, signature, ext) ) } From ee3e38f0eb57fe121b1ad358f3f86d93e6b60afe Mon Sep 17 00:00:00 2001 From: Tom Hvitved Date: Tue, 19 Mar 2024 14:35:00 +0100 Subject: [PATCH 7/9] Simplify test interface in `FlowSummaryImpl.qll` --- .../dataflow/library/FlowSummaries.ql | 34 ++---- .../dataflow/library/FlowSummariesFiltered.ql | 12 +-- csharp/ql/test/shared/FlowSummaries.qll | 10 +- .../dataflow/internal/FlowSummaryImpl.qll | 101 +++++------------- 4 files changed, 51 insertions(+), 106 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql index b09721b4f3f..856ea6d99e9 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql @@ -2,32 +2,20 @@ import shared.FlowSummaries import semmle.code.csharp.dataflow.internal.ExternalFlow import External -module TestSummaryInput implements TestSummaryInputSig { - class RelevantSummarizedCallable = IncludeSummarizedCallable; +final private class NeutralCallableFinal = NeutralCallable; + +class RelevantNeutralCallable extends NeutralCallableFinal { + final string getCallableCsv() { result = asPartialNeutralModel(this) } } -module TestNeutralInput implements TestNeutralInputSig { - class RelevantNeutralCallable instanceof NeutralCallable { - final string getCallableCsv() { result = asPartialNeutralModel(this) } - - string toString() { result = super.toString() } - } +class RelevantSourceCallable extends SourceCallable { + string getCallableCsv() { result = asPartialModel(this) } } -module TestSourceSinkInput implements TestSourceSinkInputSig { - class RelevantSourceCallable instanceof SourceCallable { - string getCallableCsv() { result = asPartialModel(this) } - - string toString() { result = super.toString() } - } - - class RelevantSinkCallable instanceof SinkCallable { - string getCallableCsv() { result = asPartialModel(this) } - - string toString() { result = super.toString() } - } +class RelevantSinkCallable extends SinkCallable { + string getCallableCsv() { result = asPartialModel(this) } } -import TestSummaryOutput -import TestNeutralOutput -import TestSourceSinkOutput +import TestSummaryOutput +import TestNeutralOutput +import TestSourceSinkOutput diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql index fe3a931b451..5bbb7ec0c6f 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql @@ -1,13 +1,7 @@ import shared.FlowSummaries private import semmle.code.csharp.dataflow.internal.ExternalFlow -module TestSummaryInput implements TestSummaryInputSig { - class RelevantSummarizedCallable = IncludeSummarizedCallable; -} - -import TestSummaryOutput - -class IncludeFilteredSummarizedCallable extends RelevantSummarizedCallable { +class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable { /** * Holds if flow is propagated between `input` and `output` and * if there is no summary for a callable in a `base` class or interface @@ -16,7 +10,7 @@ class IncludeFilteredSummarizedCallable extends RelevantSummarizedCallable { override predicate relevantSummary( SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue ) { - this.(SummarizedCallableImpl).propagatesFlow(input, output, preservesValue) and + this.propagatesFlow(input, output, preservesValue) and not exists(IncludeSummarizedCallable rsc | isBaseCallableOrPrototype(rsc) and rsc.(SummarizedCallableImpl).propagatesFlow(input, output, preservesValue) and @@ -24,3 +18,5 @@ class IncludeFilteredSummarizedCallable extends RelevantSummarizedCallable { ) } } + +import TestSummaryOutput diff --git a/csharp/ql/test/shared/FlowSummaries.qll b/csharp/ql/test/shared/FlowSummaries.qll index 39028ef2df7..b68966afa34 100644 --- a/csharp/ql/test/shared/FlowSummaries.qll +++ b/csharp/ql/test/shared/FlowSummaries.qll @@ -2,7 +2,9 @@ import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl::Public private import semmle.code.csharp.dataflow.internal.ExternalFlow -class IncludeSummarizedCallable instanceof SummarizedCallableImpl { +final private class SummarizedCallableImplFinal = SummarizedCallableImpl; + +class IncludeSummarizedCallable extends SummarizedCallableImplFinal { IncludeSummarizedCallable() { [this.(Modifiable), this.(Accessor).getDeclaration()].isEffectivelyPublic() } @@ -10,5 +12,11 @@ class IncludeSummarizedCallable instanceof SummarizedCallableImpl { /** Gets a string representing the callable in semi-colon separated format for use in flow summaries. */ final string getCallableCsv() { result = asPartialModel(this) } + predicate relevantSummary( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ) { + this.propagatesFlow(input, output, preservesValue) + } + string toString() { result = super.toString() } } diff --git a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll index 9d059366513..48a56890e78 100644 --- a/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll +++ b/shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll @@ -1692,28 +1692,16 @@ module Make Input> { ) } - signature module TestSourceSinkInputSig { - /** - * A class or source elements relevant for testing. - */ - class RelevantSourceCallable instanceof SourceOrSinkElement { - /** Gets the string representation of this callable used by `source/1`. */ - string getCallableCsv(); - } - - /** - * A class or sink elements relevant for testing. - */ - class RelevantSinkCallable instanceof SourceOrSinkElement { - /** Gets the string representation of this callable used by `source/1`. */ - string getCallableCsv(); - } + /** A source or sink relevant for testing. */ + signature class RelevantSourceOrSinkElementSig extends SourceOrSinkElement { + /** Gets the string representation of this callable used by `source/1` or `sink/1`. */ + string getCallableCsv(); } /** Provides query predicates for outputting a set of relevant sources and sinks. */ - module TestSourceSinkOutput { - private import TestSourceSinkInput - + module TestSourceSinkOutput< + RelevantSourceOrSinkElementSig RelevantSource, RelevantSourceOrSinkElementSig RelevantSink> + { /** * Holds if there exists a relevant source callable with information roughly corresponding to `csv`. * Used for testing. @@ -1721,10 +1709,10 @@ module Make Input> { * ext is hardcoded to empty. */ query predicate source(string csv) { - exists(RelevantSourceCallable c, string output, string kind, Provenance provenance | - sourceElement(c, output, kind, provenance) and + exists(RelevantSource s, string output, string kind, Provenance provenance | + sourceElement(s, output, kind, provenance) and csv = - c.getCallableCsv() // Callable information + s.getCallableCsv() // Callable information + output + ";" // output + kind + ";" // kind + provenance // provenance @@ -1738,10 +1726,10 @@ module Make Input> { * ext is hardcoded to empty. */ query predicate sink(string csv) { - exists(RelevantSinkCallable c, string input, string kind, Provenance provenance | - sinkElement(c, input, kind, provenance) and + exists(RelevantSink s, string input, string kind, Provenance provenance | + sinkElement(s, input, kind, provenance) and csv = - c.getCallableCsv() // Callable information + s.getCallableCsv() // Callable information + input + ";" // input + kind + ";" // kind + provenance // provenance @@ -1751,35 +1739,18 @@ module Make Input> { } } - signature module TestSummaryInputSig { - /** - * A class of callables where the flow summary should be included - * in the `summary/1` query predicate. - */ - class RelevantSummarizedCallable instanceof SummarizedCallableImpl { - /** Gets the string representation of this callable used by `summary/1`. */ - string getCallableCsv(); - } + /** A summarized callable relevant for testing. */ + signature class RelevantSummarizedCallableSig extends SummarizedCallableImpl { + /** Gets the string representation of this callable used by `summary/1`. */ + string getCallableCsv(); + + predicate relevantSummary( + SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue + ); } /** Provides a query predicate for outputting a set of relevant flow summaries. */ - module TestSummaryOutput { - private import TestInput - - final class RelevantSummarizedCallableFinal = TestInput::RelevantSummarizedCallable; - - class RelevantSummarizedCallable extends RelevantSummarizedCallableFinal instanceof SummarizedCallableImpl - { - /** Holds if flow is propagated between `input` and `output`. */ - predicate relevantSummary( - SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue - ) { - super.propagatesFlow(input, output, preservesValue) - } - - string toString() { result = super.toString() } - } - + module TestSummaryOutput { /** Render the kind in the format used in flow summaries. */ private string renderKind(boolean preservesValue) { preservesValue = true and result = "value" @@ -1816,31 +1787,13 @@ module Make Input> { } } - signature module TestNeutralInputSig { - /** - * A class of callables where the neutral model should be included - * in the `neutral/1` query predicate. - */ - class RelevantNeutralCallable instanceof NeutralCallable { - /** Gets the string representation of this callable used by `neutral/1`. */ - string getCallableCsv(); - } + /** A summarized callable relevant for testing. */ + signature class RelevantNeutralCallableSig extends NeutralCallable { + /** Gets the string representation of this callable used by `neutral/1`. */ + string getCallableCsv(); } - module TestNeutralOutput { - private import TestInput - - final class RelevantNeutralCallableFinal = TestInput::RelevantNeutralCallable; - - class RelevantNeutralCallable extends RelevantNeutralCallableFinal instanceof NeutralCallable { - /** - * Gets the kind of the neutral. - */ - string getKind() { result = super.getKind() } - - string toString() { result = super.toString() } - } - + module TestNeutralOutput { private string renderProvenance(NeutralCallable c) { exists(Provenance p | p.isManual() and c.hasProvenance(p) and result = p.toString()) or From d3aa2eed646c9b8b623fcdf0c055123d4b849f40 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Tue, 19 Mar 2024 16:30:24 +0100 Subject: [PATCH 8/9] C#: Fix test. --- .../ql/test/library-tests/dataflow/library/FlowSummaries.ql | 3 +-- .../frameworks/EntityFramework/FlowSummaries.ql | 6 ++---- 2 files changed, 3 insertions(+), 6 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql index 856ea6d99e9..6b117c03ac0 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.ql @@ -1,6 +1,5 @@ import shared.FlowSummaries import semmle.code.csharp.dataflow.internal.ExternalFlow -import External final private class NeutralCallableFinal = NeutralCallable; @@ -18,4 +17,4 @@ class RelevantSinkCallable extends SinkCallable { import TestSummaryOutput import TestNeutralOutput -import TestSourceSinkOutput +import External::TestSourceSinkOutput diff --git a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql index b5f0aa90ed4..55cd03ede10 100644 --- a/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql +++ b/csharp/ql/test/library-tests/frameworks/EntityFramework/FlowSummaries.ql @@ -3,12 +3,10 @@ import shared.FlowSummaries import semmle.code.csharp.frameworks.EntityFramework::EntityFramework import semmle.code.csharp.dataflow.internal.ExternalFlow as ExternalFlow -module TestSummaryInput implements TestSummaryInputSig { - class RelevantSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable - { } +class RelevantSummarizedCallable extends IncludeSummarizedCallable instanceof EFSummarizedCallable { } -import TestSummaryOutput +import TestSummaryOutput query predicate sourceNode(DataFlow::Node node, string kind) { ExternalFlow::sourceNode(node, kind) From 969676975d5be45ace129e709988d52734f8bf2f Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Wed, 20 Mar 2024 15:28:56 +0100 Subject: [PATCH 9/9] C#: Address review comments. --- .../library-tests/dataflow/library/FlowSummariesFiltered.ql | 2 +- csharp/ql/test/shared/FlowSummaries.qll | 2 -- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql index 5bbb7ec0c6f..9c19d00cb59 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.ql @@ -13,7 +13,7 @@ class IncludeFilteredSummarizedCallable extends IncludeSummarizedCallable { this.propagatesFlow(input, output, preservesValue) and not exists(IncludeSummarizedCallable rsc | isBaseCallableOrPrototype(rsc) and - rsc.(SummarizedCallableImpl).propagatesFlow(input, output, preservesValue) and + rsc.propagatesFlow(input, output, preservesValue) and this.(UnboundCallable).overridesOrImplementsUnbound(rsc) ) } diff --git a/csharp/ql/test/shared/FlowSummaries.qll b/csharp/ql/test/shared/FlowSummaries.qll index b68966afa34..2fecea3f62f 100644 --- a/csharp/ql/test/shared/FlowSummaries.qll +++ b/csharp/ql/test/shared/FlowSummaries.qll @@ -17,6 +17,4 @@ class IncludeSummarizedCallable extends SummarizedCallableImplFinal { ) { this.propagatesFlow(input, output, preservesValue) } - - string toString() { result = super.toString() } }