diff --git a/csharp/fix-whitespaces.sh b/csharp/fix-whitespaces.sh
index d18bf7453d4..6ac324efbc0 100755
--- a/csharp/fix-whitespaces.sh
+++ b/csharp/fix-whitespaces.sh
@@ -8,7 +8,7 @@ cat > "$BASEDIR/reformat.vim" <<"EOF"
:wq
EOF
-find "$BASEDIR" \( -name "*.ql" -or -name "*.qll" -or -name "*.csv" \) -exec vim -u /dev/null -s reformat.vim {} \;
+find "$BASEDIR" \( -name "*.ql" -or -name "*.qll" -or -name "*.csv" -or -name "*.config" \) -exec vim -u /dev/null -s reformat.vim {} \;
cat > reformat.vim <<"EOF"
:set ff=unix ts=4 et
diff --git a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.config b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.config
index cd0f2adea63..d7cd99a6ab9 100644
--- a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.config
+++ b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.config
@@ -6,36 +6,35 @@
-
+
-
+
-
-
-
+
+
+
-
+
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
diff --git a/csharp/ql/src/Configuration/PasswordInConfigurationFile.config b/csharp/ql/src/Configuration/PasswordInConfigurationFile.config
index c783a3c920c..964c3ca506f 100644
--- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.config
+++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.config
@@ -6,36 +6,35 @@
-
+
-
+
-
-
-
+
+
+
-
+
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
diff --git a/csharp/ql/src/Security Features/CWE-248/BadWeb.config b/csharp/ql/src/Security Features/CWE-248/BadWeb.config
index 6dadd6e527a..ece7488651f 100644
--- a/csharp/ql/src/Security Features/CWE-248/BadWeb.config
+++ b/csharp/ql/src/Security Features/CWE-248/BadWeb.config
@@ -5,4 +5,4 @@
...
-
\ No newline at end of file
+
diff --git a/csharp/ql/src/Security Features/CWE-248/GoodWeb.config b/csharp/ql/src/Security Features/CWE-248/GoodWeb.config
index c1744c32cd7..4ae921f6762 100644
--- a/csharp/ql/src/Security Features/CWE-248/GoodWeb.config
+++ b/csharp/ql/src/Security Features/CWE-248/GoodWeb.config
@@ -5,4 +5,4 @@
...
-
\ No newline at end of file
+
diff --git a/csharp/ql/src/Security Features/CWE-451/Web.config b/csharp/ql/src/Security Features/CWE-451/Web.config
index 7d74fe5ab64..78f6c30a819 100644
--- a/csharp/ql/src/Security Features/CWE-451/Web.config
+++ b/csharp/ql/src/Security Features/CWE-451/Web.config
@@ -9,4 +9,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/src/Security Features/CWE-614/Web.config b/csharp/ql/src/Security Features/CWE-614/Web.config
index 82e19bb11bc..89d4561cd62 100644
--- a/csharp/ql/src/Security Features/CWE-614/Web.config
+++ b/csharp/ql/src/Security Features/CWE-614/Web.config
@@ -3,7 +3,7 @@
exists(RefType cl, MicrosoftAspNetCoreHttpHttpResponse resp, IndexerAccess ci, Call cs, PropertyAccess qualifier |
- qualifier.getTarget() = resp.getHeadersProperty() and
+ qualifier.getTarget() = resp.getHeadersProperty() and
ci.getTarget() = cl.getAnIndexer() and
qualifier = ci.getQualifier() and
cs.getTarget() = cl.getAnIndexer().getSetter() and
cs.getArgument(0).getValue().toLowerCase() = "location" and
- this.asExpr() = cs.getArgument(1))
+ this.asExpr() = cs.getArgument(1))
}
}
}
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll
index de16c91a748..b89dc77b8f8 100644
--- a/csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll
+++ b/csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll
@@ -526,8 +526,8 @@ module XSS {
this.getExpr() = any(WebPageClass h).getWriteLiteralMethod().getACall().getAnArgument()
}
- override string explanation() {
- result = "System.Web.WebPages.WebPage.WriteLiteral() method"
+ override string explanation() {
+ result = "System.Web.WebPages.WebPage.WriteLiteral() method"
}
}
@@ -539,9 +539,9 @@ module XSS {
WebPageWriteLiteralToSink() {
this.getExpr() = any(WebPageClass h).getWriteLiteralToMethod().getACall().getAnArgument()
}
-
- override string explanation() {
- result = "System.Web.WebPages.WebPage.WriteLiteralTo() method"
+
+ override string explanation() {
+ result = "System.Web.WebPages.WebPage.WriteLiteralTo() method"
}
}
@@ -555,9 +555,9 @@ module XSS {
MicrosoftAspNetCoreMvcHtmlHelperRawSink() {
this.getExpr() = any(MicrosoftAspNetCoreMvcHtmlHelperClass h).getRawMethod().getACall().getAnArgument()
}
-
- override string explanation() {
- result = "Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method"
+
+ override string explanation() {
+ result = "Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method"
}
}
@@ -569,19 +569,19 @@ module XSS {
MicrosoftAspNetRazorPageWriteLiteralSink() {
this.getExpr() = any(MicrosoftAspNetCoreMvcRazorPageBase h).getWriteLiteralMethod().getACall().getAnArgument()
}
-
- override string explanation() {
- result = "Microsoft.AspNetCore.Mvc.Razor.RazorPageBase.WriteLiteral() method"
+
+ override string explanation() {
+ result = "Microsoft.AspNetCore.Mvc.Razor.RazorPageBase.WriteLiteral() method"
}
}
-
+
/**
* HtmlString that may be rendered as is need to have sanitized value
*/
class MicrosoftAspNetHtmlStringSink extends AspNetCoreSink {
MicrosoftAspNetHtmlStringSink() {
- exists (ObjectCreation c, MicrosoftAspNetCoreHttpHtmlString s |
- c.getTarget() = s.getAConstructor() and
+ exists (ObjectCreation c, MicrosoftAspNetCoreHttpHtmlString s |
+ c.getTarget() = s.getAConstructor() and
this.asExpr() = c.getAnArgument())
}
}
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-011/Web.config
index 0d7e9343358..a7ec4f8a7d8 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-011/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-011/Web.config
@@ -5,4 +5,4 @@
defaultLanguage="c#"
/>
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/bad/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-011/bad/Web.config
index 5d4cc006f47..ffc04c240fa 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-011/bad/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-011/bad/Web.config
@@ -6,4 +6,4 @@
debug="true"
/>
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNet.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNet.cs
index 247b681e827..46fef7d0ff8 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNet.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNet.cs
@@ -48,4 +48,4 @@ namespace ASP
}
}
-// source-extractor-options: /r:${testdir}/../../../../../packages/Microsoft.AspNet.WebPages.3.2.3/lib/net45/System.Web.WebPages.dll /r:${testdir}/../../../../../packages/Microsoft.AspNet.Mvc.5.2.3/lib/net45/System.Web.Mvc.dll /r:System.Dynamic.Runtime.dll /r:System.Runtime.Extensions.dll /r:System.Linq.Expressions.dll /r:System.Web.dll /r:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll /r:System.Collections.Specialized.dll
\ No newline at end of file
+// source-extractor-options: /r:${testdir}/../../../../../packages/Microsoft.AspNet.WebPages.3.2.3/lib/net45/System.Web.WebPages.dll /r:${testdir}/../../../../../packages/Microsoft.AspNet.Mvc.5.2.3/lib/net45/System.Web.Mvc.dll /r:System.Dynamic.Runtime.dll /r:System.Runtime.Extensions.dll /r:System.Linq.Expressions.dll /r:System.Web.dll /r:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll /r:System.Collections.Specialized.dll
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNetCore.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNetCore.cs
index 98cda988da8..0740598a9e4 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNetCore.cs
+++ b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNetCore.cs
@@ -76,4 +76,4 @@ namespace Testing.Controllers
}
}
-// initial-extractor-options: /r:netstandard.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Core.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Core.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Antiforgery.1.1.2/lib/net451/Microsoft.AspNetCore.Antiforgery.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.ViewFeatures.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.ViewFeatures.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Abstractions.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Abstractions.dll /r:${testdir}/../../../../../packages\Microsoft.AspNetCore.Http.Abstractions.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Html.Abstractions.1.1.2/lib/netstandard1.0/Microsoft.AspNetCore.Html.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Http.Features.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Features.dll /r:${testdir}/../../../../../packages\Microsoft.Extensions.Primitives.2.1.0\lib\netstandard2.0\Microsoft.Extensions.Primitives.dll /r:System.Linq.dll /r:System.Linq.Expressions.dll /r:System.Linq.Queryable.dll
\ No newline at end of file
+// initial-extractor-options: /r:netstandard.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Core.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Core.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Antiforgery.1.1.2/lib/net451/Microsoft.AspNetCore.Antiforgery.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.ViewFeatures.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.ViewFeatures.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Abstractions.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Abstractions.dll /r:${testdir}/../../../../../packages\Microsoft.AspNetCore.Http.Abstractions.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Html.Abstractions.1.1.2/lib/netstandard1.0/Microsoft.AspNetCore.Html.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Http.Features.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Features.dll /r:${testdir}/../../../../../packages\Microsoft.Extensions.Primitives.2.1.0\lib\netstandard2.0\Microsoft.Extensions.Primitives.dll /r:System.Linq.dll /r:System.Linq.Expressions.dll /r:System.Linq.Queryable.dll
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config
index e385b1343aa..768c965080c 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config
@@ -4,4 +4,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/Web.config
index e385b1343aa..768c965080c 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/Web.config
@@ -4,4 +4,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/Web.config
index 5df885d446a..8f0b996a024 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/Web.config
@@ -2,4 +2,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config
index 5df885d446a..8f0b996a024 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config
@@ -2,4 +2,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/Web.config
index 7d74fe5ab64..78f6c30a819 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/Web.config
@@ -9,4 +9,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-548/web.config b/csharp/ql/test/query-tests/Security Features/CWE-548/web.config
index 197d3f068f3..b4276433838 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-548/web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-548/web.config
@@ -3,4 +3,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/Web.config
index 0a1c6911fb4..96fd10c05b7 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/Web.config
@@ -3,4 +3,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/Web.config
index 786fd6b50fe..c65c506b512 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/Web.config
@@ -6,4 +6,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config
index 8a8f1763001..1ddaaf2b65f 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config
@@ -6,4 +6,4 @@
-
\ No newline at end of file
+
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config
index f988cb043e3..0ab64b1fcb6 100644
--- a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config
+++ b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config
@@ -6,4 +6,4 @@
-
\ No newline at end of file
+