hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into csharp-ext

Browse Source
This commit is contained in:
Mathew Payne
2023-06-08 10:58:02 +01:00
committed by GitHub
parent c493e276ec cc45db7c76
commit 8052b35e62
1714 changed files with 76953 additions and 40822 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
csharp/ql/campaigns/Solorigate/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.5.2
No user-facing changes.
## 1.5.1
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/lib/change-notes/released/1.5.2.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.5.2
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.1
lastReleaseVersion: 1.5.2

2
csharp/ql/campaigns/Solorigate/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.5.2-dev
version: 1.5.3-dev
groups:
- csharp
- solorigate

4
csharp/ql/campaigns/Solorigate/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.5.2
No user-facing changes.
## 1.5.1
No user-facing changes.

3
csharp/ql/campaigns/Solorigate/src/change-notes/released/1.5.2.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.5.2
No user-facing changes.

2
csharp/ql/campaigns/Solorigate/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.5.1
lastReleaseVersion: 1.5.2

2
csharp/ql/campaigns/Solorigate/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.5.2-dev
version: 1.5.3-dev
groups:
- csharp
- solorigate

2
csharp/ql/consistency-queries/DataFlowConsistency.ql
View File

@@ -72,5 +72,5 @@ private class MyConsistencyConfiguration extends ConsistencyConfiguration {
override predicate reverseReadExclude(Node n) { n.asExpr() = any(AwaitExpr ae).getExpr() }
override predicate identityLocalStepExclude(Node n) { this.missingLocationExclude(n) }
override predicate identityLocalStepExclude(Node n) { none() }
}

6
csharp/ql/integration-tests/all-platforms/cshtml/Files.expected Normal file
View File

@@ -0,0 +1,6 @@
| Program.cs:0:0:0:0 | Program.cs |
| obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net7.0/.NETCoreApp,Version=v7.0.AssemblyAttributes.cs |
| obj/Debug/net7.0/cshtml.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net7.0/cshtml.AssemblyInfo.cs |
| obj/Debug/net7.0/cshtml.GlobalUsings.g.cs:0:0:0:0 | obj/Debug/net7.0/cshtml.GlobalUsings.g.cs |
| obj/Debug/net7.0/cshtml.RazorAssemblyInfo.cs:0:0:0:0 | obj/Debug/net7.0/cshtml.RazorAssemblyInfo.cs |
| obj/Debug/net7.0/generated/Microsoft.NET.Sdk.Razor.SourceGenerators/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs:0:0:0:0 | obj/Debug/net7.0/generated/Microsoft.NET.Sdk.Razor.SourceGenerators/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs |

5
csharp/ql/integration-tests/all-platforms/cshtml/Files.ql Normal file
View File

@@ -0,0 +1,5 @@
import csharp
from File f
where f.fromSource()
select f

1
csharp/ql/integration-tests/all-platforms/cshtml/Program.cs Normal file
View File

@@ -0,0 +1 @@
var dummy = "dummy";

8
csharp/ql/integration-tests/all-platforms/cshtml/Views/Home/Index.cshtml Normal file
View File

@@ -0,0 +1,8 @@
@{
ViewData["Title"] = "Home Page";
}
<div class="text-center">
<h1 class="display-4">Welcome</h1>
<p>Learn about <a href="https://docs.microsoft.com/aspnet/core">building Web apps with ASP.NET Core</a>.</p>
</div>

14
csharp/ql/integration-tests/all-platforms/cshtml/cshtml.csproj Normal file
View File

@@ -0,0 +1,14 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net7.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">
<RemoveDir Directories=".\bin" />
<RemoveDir Directories=".\obj" />
</Target>
</Project>

3
csharp/ql/integration-tests/all-platforms/cshtml/test.py Normal file
View File

@@ -0,0 +1,3 @@
from create_database_utils import *
run_codeql_database_create(['dotnet build'], lang="csharp", extra_args=["--extractor-option=cil=false"])

7
csharp/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,10 @@
## 0.6.2
### Minor Analysis Improvements
* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods.
* Updated the `neutralModel` extensible predicate to include a `kind` column.
## 0.6.1
No user-facing changes.

10
csharp/ql/lib/Linq/Helpers.qll
View File

@@ -128,7 +128,7 @@ predicate missedWhereOpportunity(ForeachStmt fes, IfStmt is) {
class AnyCall extends MethodCall {
AnyCall() {
exists(Method m |
m = getTarget().getUnboundDeclaration() and
m = this.getTarget().getUnboundDeclaration() and
isEnumerableType(m.getDeclaringType()) and
m.hasName("Any<>")
)
@@ -139,7 +139,7 @@ class AnyCall extends MethodCall {
class CountCall extends MethodCall {
CountCall() {
exists(Method m |
m = getTarget().getUnboundDeclaration() and
m = this.getTarget().getUnboundDeclaration() and
isEnumerableType(m.getDeclaringType()) and
m.hasName("Count<>")
)
@@ -148,19 +148,19 @@ class CountCall extends MethodCall {
/** A variable of type IEnumerable&lt;T>, for some T. */
class IEnumerableSequence extends Variable {
IEnumerableSequence() { isIEnumerableType(getType()) }
IEnumerableSequence() { isIEnumerableType(this.getType()) }
}
/** A LINQ Select(...) call. */
class SelectCall extends ExtensionMethodCall {
SelectCall() {
exists(Method m |
m = getTarget().getUnboundDeclaration() and
m = this.getTarget().getUnboundDeclaration() and
isEnumerableType(m.getDeclaringType()) and
m.hasName("Select<,>")
)
}
/** Gets the anonymous function expression supplied as the argument to the Select (if possible). */
AnonymousFunctionExpr getFunctionExpr() { result = getArgument(1) }
AnonymousFunctionExpr getFunctionExpr() { result = this.getArgument(1) }
}

4
csharp/ql/lib/change-notes/2023-04-26-neutral-model-kinds.md
View File

@@ -1,4 +0,0 @@
---
category: minorAnalysis
---
* Updated the `neutralModel` extensible predicate to include a `kind` column.

9
csharp/ql/lib/change-notes/2023-05-17-update-csharp-sink-kinds.md Normal file
View File

@@ -0,0 +1,9 @@
---
category: minorAnalysis
---
* Updated the following C# sink kind names. Any custom data extensions that use these sink kinds will need to be updated accordingly in order to continue working.
* `code` to `code-injection`
* `sql` to `sql-injection`
* `html` to `html-injection`
* `xss` to `js-injection`
* `remote` to `file-content-store`

4
csharp/ql/lib/change-notes/2023-05-30-source-generators.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The extractor has been changed to run after the traced compiler call. This allows inspecting compiler generated files, such as the output of source generators. With this change, `.cshtml` files and their generated `.cshtml.g.cs` counterparts are extracted on dotnet 6 and above.

8
csharp/ql/lib/change-notes/2023-06-02-delete-deps.md Normal file
View File

@@ -0,0 +1,8 @@
---
category: minorAnalysis
---
* Deleted the deprecated `WebConfigXML`, `ConfigurationXMLElement`, `LocationXMLElement`, `SystemWebXMLElement`, `SystemWebServerXMLElement`, `CustomErrorsXMLElement`, and `HttpRuntimeXMLElement` classes from `WebConfig.qll`. The non-deprecated names with PascalCased Xml suffixes should be used instead.
* Deleted the deprecated `Record` class from both `Types.qll` and `Type.qll`.
* Deleted the deprecated `StructuralComparisonConfiguration` class from `StructuralComparison.qll`, use `sameGvn` instead.
* Deleted the deprecated `isParameterOf` predicate from the `ParameterNode` class.
* Deleted the deprecated `SafeExternalAPICallable`, `ExternalAPIDataNode`, `UntrustedDataToExternalAPIConfig`, `UntrustedExternalAPIDataNode`, and `ExternalAPIUsedWithUntrustedData` classes from `ExternalAPIsQuery.qll`. The non-deprecated names with PascalCased Api suffixes should be used instead.

6
csharp/ql/lib/change-notes/released/0.6.2.md Normal file
View File

@@ -0,0 +1,6 @@
## 0.6.2
### Minor Analysis Improvements
* The `cs/log-forging`, `cs/cleartext-storage`, and `cs/exposure-of-sensitive-information` queries now correctly handle unsanitized arguments to `ILogger` extension methods.
* Updated the `neutralModel` extensible predicate to include a `kind` column.

2
csharp/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.1
lastReleaseVersion: 0.6.2

110
csharp/ql/lib/ext/Dapper.model.yml
View File

@@ -3,58 +3,58 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["Dapper", "SqlMapper", False, "Execute", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReader", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.DbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryMultiple", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QueryMultipleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql", "manual"]
- ["Dapper", "SqlMapper", False, "Execute", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReader", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.DbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteReaderAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalar<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "ExecuteScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "Query<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Boolean,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TSeventh,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TSixth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TFifth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TFourth,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TThird,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<,,>", "(System.Data.IDbConnection,System.String,System.Func<TFirst,TSecond,TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryAsync<>", "(System.Data.IDbConnection,System.String,System.Type[],System.Func<System.Object[],TReturn>,System.Object,System.Data.IDbTransaction,System.Boolean,System.String,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirst<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryFirstOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryMultiple", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QueryMultipleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingle<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefault<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[2]", "sql-injection", "manual"]
- ["Dapper", "SqlMapper", False, "QuerySingleOrDefaultAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Data.IDbTransaction,System.Nullable<System.Int32>,System.Nullable<System.Data.CommandType>)", "", "Argument[1]", "sql-injection", "manual"]

56
csharp/ql/lib/ext/Microsoft.ApplicationBlocks.Data.model.yml
View File

@@ -3,31 +3,31 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteDataset", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteNonQuery", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteReader", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteScalar", "(System.String,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlConnection,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String)", "", "Argument[2]", "sql-injection", "manual"]
- ["Microsoft.ApplicationBlocks.Data", "SqlHelper", False, "ExecuteXmlReader", "(System.Data.SqlClient.SqlTransaction,System.Data.CommandType,System.String,System.Data.SqlClient.SqlParameter[])", "", "Argument[2]", "sql-injection", "manual"]

30
csharp/ql/lib/ext/Microsoft.EntityFrameworkCore.model.yml
View File

@@ -1,11 +1,29 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Add", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddAsync", "(TEntity,System.Threading.CancellationToken)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(System.Collections.Generic.IEnumerable<TEntity>,System.Threading.CancellationToken)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AddRangeAsync", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Attach", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "AttachRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "Update", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["Microsoft.EntityFrameworkCore", "DbSet<>", False, "UpdateRange", "(TEntity[])", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalQueryableExtensions", False, "FromSqlRaw<>", "(Microsoft.EntityFrameworkCore.DbSet<TEntity>,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRaw", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalDatabaseFacadeExtensions", False, "ExecuteSqlRawAsync", "(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["Microsoft.EntityFrameworkCore", "RelationalQueryableExtensions", False, "FromSqlRaw<>", "(Microsoft.EntityFrameworkCore.DbSet<TEntity>,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]

96
csharp/ql/lib/ext/MySql.Data.MySqlClient.model.yml
View File

@@ -3,51 +3,51 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRow", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDataset", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRow", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataRowAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDataset", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteDatasetAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQuery", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteNonQueryAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReader", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteReaderAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalar", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(MySql.Data.MySqlClient.MySqlConnection,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "ExecuteScalarAsync", "(System.String,System.String,System.Threading.CancellationToken,MySql.Data.MySqlClient.MySqlParameter[])", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDataset", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["MySql.Data.MySqlClient", "MySqlHelper", False, "UpdateDatasetAsync", "(System.String,System.String,System.Data.DataSet,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]

184
csharp/ql/lib/ext/ServiceStack.OrmLite.model.yml
View File

@@ -3,95 +3,95 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Dictionary<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Exists<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "KeyValuePairs", "(System.Data.IDbConnection,System.String,System.System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object)", "", "Argument[2]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectNonDefaults<>", "(System.Data.IDbConnection,System.String,T)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "DictionaryAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExistsAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbCommand,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectNonDefaultsAsync<>", "(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApiAsync", False, "RowCountAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeGroupBy", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeHaving", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOrderBy", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String,System.Boolean)", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "IUntypedSqlExpression", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Column<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnDistinct<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ColumnLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Dictionary<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "ExecuteNonQuery", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Exists<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "KeyValuePairs", "(System.Data.IDbConnection,System.String,System.System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Lookup<,>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Scalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Select<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object)", "", "Argument[2]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectLazy<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SelectNonDefaults<>", "(System.Data.IDbConnection,System.String,T)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "Single<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlColumn<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlList<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApi", False, "SqlScalar<>", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ColumnDistinctAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "DictionaryAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExecuteNonQueryAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ExistsAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "KeyValuePairsAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbCommand,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "LookupAsync<,>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "ScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectAsync<>", "(System.Data.IDbConnection,System.Type,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SelectNonDefaultsAsync<>", "(System.Data.IDbConnection,System.String,T,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SingleAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlColumnAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Action<System.Data.IDbCommand>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlListAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadApiAsync", False, "SqlScalarAsync<>", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Collections.Generic.IEnumerable<System.Data.IDbDataParameter>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApi", False, "RowCount", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteReadExpressionsApiAsync", False, "RowCountAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Collections.Generic.Dictionary<System.String,System.Object>)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApi", False, "ExecuteSql", "(System.Data.IDbConnection,System.String,System.Object)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "OrmLiteWriteApiAsync", False, "ExecuteSqlAsync", "(System.Data.IDbConnection,System.String,System.Threading.CancellationToken)", "", "Argument[1]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeAnd", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeFrom", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeGroupBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeHaving", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOr", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeOrderBy", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeSelect", "(System.String,System.Boolean)", "", "Argument[0]", "sql-injection", "manual"]
- ["ServiceStack.OrmLite", "SqlExpression<>", True, "UnsafeWhere", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]

54
csharp/ql/lib/ext/ServiceStack.Redis.model.yml
View File

@@ -3,30 +3,30 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func<System.String,T>)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "LoadLuaScript", "(System.String)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[],System.Threading.CancellationToken)", "", "Argument[0].Element", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecCachedLuaAsync", "(System.String,System.Func<System.String,System.Threading.Tasks.ValueTask<T>>,System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[])", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "LoadLuaScriptAsync", "(System.String,System.Threading.CancellationToken)", "", "Argument[0]", "code", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "Custom", "(System.Object[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecCachedLua", "(System.String,System.Func<System.String,T>)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLua", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsInt", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsList", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "ExecLuaAsString", "(System.String,System.String[],System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClient", True, "LoadLuaScript", "(System.String)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "CustomAsync", "(System.Object[],System.Threading.CancellationToken)", "", "Argument[0].Element", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecCachedLuaAsync", "(System.String,System.Func<System.String,System.Threading.Tasks.ValueTask<T>>,System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsIntAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsListAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsStringAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[])", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "ExecLuaAsync", "(System.String,System.String[],System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]
- ["ServiceStack.Redis", "IRedisClientAsync", True, "LoadLuaScriptAsync", "(System.String,System.Threading.CancellationToken)", "", "Argument[0]", "code-injection", "manual"]

150
csharp/ql/lib/ext/ServiceStack.model.yml
View File

@@ -3,81 +3,81 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["ServiceStack", "IOneWayClient", True, "SendAllOneWay", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1].Element", "remote", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClient", True, "Patch<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClient", True, "Post<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClient", True, "Put<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClient", True, "Send<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync", "(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod", "(System.String,ServiceStack.IReturnVoid)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,ServiceStack.IReturn<TResponse>)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,System.Object)", "", "Argument[1]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<>", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<>", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<>", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<>", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<>", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGateway", True, "Delete<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGateway", True, "Get<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGateway", True, "Post<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGateway", True, "Put<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGateway", True, "Send<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "GetAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PostAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PutAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "SendAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Publish", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IServiceGateway", True, "PublishAll", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "remote", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Send<>", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IServiceGateway", True, "SendAll<>", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "remote", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "PublishAllAsync", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "remote", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "PublishAsync", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAllAsync<>", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "remote", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethodAsync<>", "(System.String,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Delete", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "DownloadBytes", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "DownloadBytesAsync", "(System.String,System.String,System.Object)", "", "Argument[2]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Get", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Head", "(ServiceStack.IReturn)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Head", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Patch", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Post", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(ServiceStack.Messaging.IMessage<T>)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(T)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Put", "(System.Object)", "", "Argument[0]", "remote", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendAllOneWay", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[1].Element", "file-content-store", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IOneWayClient", True, "SendOneWay", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Patch<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Post<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Put<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClient", True, "Send<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync", "(System.String,ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "CustomMethodAsync<>", "(System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "DeleteAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "GetAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PatchAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PostAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync", "(ServiceStack.IReturnVoid,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(ServiceStack.IReturn<TResponse>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientAsync", True, "PutAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod", "(System.String,ServiceStack.IReturnVoid)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,ServiceStack.IReturn<TResponse>)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "CustomMethod<>", "(System.String,System.Object)", "", "Argument[1]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Delete<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Get<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Patch<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Post<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put", "(ServiceStack.IReturnVoid)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<>", "(ServiceStack.IReturn<TResponse>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestClientSync", True, "Put<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Delete<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Get<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Post<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Put<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGateway", True, "Send<>", "(ServiceStack.IReturn<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "DeleteAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "GetAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PostAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "PutAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IRestGatewayAsync", True, "SendAsync<>", "(ServiceStack.IReturn<T>,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Publish", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "PublishAll", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "Send<>", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGateway", True, "SendAll<>", "(System.Collections.Generic.IEnumerable<System.Object>)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "PublishAllAsync", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "PublishAsync", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAllAsync<>", "(System.Collections.Generic.IEnumerable<System.Object>,System.Threading.CancellationToken)", "", "Argument[0].Element", "file-content-store", "manual"]
- ["ServiceStack", "IServiceGatewayAsync", True, "SendAsync<>", "(System.Object,System.Threading.CancellationToken)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethod<>", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "CustomMethodAsync<>", "(System.String,System.String,System.Object,System.Threading.CancellationToken)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Delete", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "DownloadBytes", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "DownloadBytesAsync", "(System.String,System.String,System.Object)", "", "Argument[2]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Get", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Head", "(ServiceStack.IReturn)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Head", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Patch", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Post", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(ServiceStack.Messaging.IMessage<T>)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Publish<>", "(T)", "", "Argument[0]", "file-content-store", "manual"]
- ["ServiceStack", "ServiceClientBase", True, "Put", "(System.Object)", "", "Argument[0]", "file-content-store", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel

26
csharp/ql/lib/ext/System.Data.Entity.model.yml
View File

@@ -1,14 +1,22 @@
extensions:
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel
data:
- ["System.Data.Entity", "DbSet<>", False, "Add", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["System.Data.Entity", "DbSet<>", False, "AddRange", "(System.Collections.Generic.IEnumerable<TEntity>)", "", "Argument[0].WithElement", "Argument[this]", "value", "manual"]
- ["System.Data.Entity", "DbSet<>", False, "Attach", "(TEntity)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "SqlQuery", "(System.Type,System.String,System.Object[])", "", "Argument[1]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "SqlQuery<>", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Entity", "DbSet", False, "SqlQuery", "(System.String,System.Object[])", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommand", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.Data.Entity.TransactionalBehavior,System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "ExecuteSqlCommandAsync", "(System.String,System.Threading.CancellationToken,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "SqlQuery", "(System.Type,System.String,System.Object[])", "", "Argument[1]", "sql-injection", "manual"]
- ["System.Data.Entity", "Database", False, "SqlQuery<>", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.Entity", "DbSet", False, "SqlQuery", "(System.String,System.Object[])", "", "Argument[0]", "sql-injection", "manual"]

6
csharp/ql/lib/ext/System.Data.EntityClient.model.yml
View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.EntityClient", "EntityCommand", False, "EntityCommand", "(System.String,System.Data.EntityClient.EntityConnection,System.Data.EntityClient.EntityTransaction)", "", "Argument[0]", "sql-injection", "manual"]

6
csharp/ql/lib/ext/System.Data.Odbc.model.yml
View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection,System.Data.Odbc.OdbcTransaction)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.Odbc", "OdbcCommand", False, "OdbcCommand", "(System.String,System.Data.Odbc.OdbcConnection,System.Data.Odbc.OdbcTransaction)", "", "Argument[0]", "sql-injection", "manual"]

6
csharp/ql/lib/ext/System.Data.OleDb.model.yml
View File

@@ -3,6 +3,6 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection,System.Data.OleDb.OleDbTransaction)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.OleDb", "OleDbCommand", False, "OleDbCommand", "(System.String,System.Data.OleDb.OleDbConnection,System.Data.OleDb.OleDbTransaction)", "", "Argument[0]", "sql-injection", "manual"]

14
csharp/ql/lib/ext/System.Data.SQLite.model.yml
View File

@@ -3,13 +3,13 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.Data.SQLite.SQLiteCommand)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String,System.Boolean)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SQLite", "SQLiteCommand", False, "SQLiteCommand", "(System.String,System.Data.SQLite.SQLiteConnection,System.Data.SQLite.SQLiteTransaction)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.Data.SQLite.SQLiteCommand)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.Data.SQLite.SQLiteConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SQLite", "SQLiteDataAdapter", False, "SQLiteDataAdapter", "(System.String,System.String,System.Boolean)", "", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel

12
csharp/ql/lib/ext/System.Data.SqlClient.model.yml
View File

@@ -3,12 +3,12 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection,System.Data.SqlClient.SqlTransaction)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.Data.SqlClient.SqlCommand)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "manual"]
- ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SqlClient", "SqlCommand", False, "SqlCommand", "(System.String,System.Data.SqlClient.SqlConnection,System.Data.SqlClient.SqlTransaction)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.Data.SqlClient.SqlCommand)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.Data.SqlClient.SqlConnection)", "", "Argument[0]", "sql-injection", "manual"]
- ["System.Data.SqlClient", "SqlDataAdapter", False, "SqlDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel

2
csharp/ql/lib/ext/System.Net.Http.model.yml
View File

@@ -3,7 +3,7 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Net.Http", "StringContent", False, "StringContent", "", "", "Argument[0]", "xss", "manual"]
- ["System.Net.Http", "StringContent", False, "StringContent", "", "", "Argument[0]", "js-injection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel

8
csharp/ql/lib/ext/System.Web.model.yml
View File

@@ -3,10 +3,10 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html", "manual"]
- ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html", "manual"]
- ["System.Web", "HttpResponse", False, "Write", "", "", "Argument[0]", "html", "manual"]
- ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html", "manual"]
- ["System.Web", "HttpResponse", False, "BinaryWrite", "", "", "Argument[0]", "html-injection", "manual"]
- ["System.Web", "HttpResponse", False, "TransmitFile", "", "", "Argument[0]", "html-injection", "manual"]
- ["System.Web", "HttpResponse", False, "Write", "", "", "Argument[0]", "html-injection", "manual"]
- ["System.Web", "HttpResponse", False, "WriteFile", "", "", "Argument[0]", "html-injection", "manual"]
- addsTo:
pack: codeql/csharp-all
extensible: summaryModel

13
csharp/ql/lib/ext/generated/dotnet_runtime.model.yml
View File

@@ -7,10 +7,10 @@ extensions:
pack: codeql/csharp-all
extensible: sinkModel
data:
- ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql", "df-generated"]
- ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql", "df-generated"]
- ["System.Net.Http", "StringContent", false, "StringContent", "(System.String)", "", "Argument[0]", "xss", "df-generated"]
- ["System.Net.Http", "StringContent", false, "StringContent", "(System.String,System.Text.Encoding)", "", "Argument[0]", "xss", "df-generated"]
- ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.Data.Odbc.OdbcConnection)", "", "Argument[0]", "sql-injection", "df-generated"]
- ["System.Data.Odbc", "OdbcDataAdapter", false, "OdbcDataAdapter", "(System.String,System.String)", "", "Argument[0]", "sql-injection", "df-generated"]
- ["System.Net.Http", "StringContent", false, "StringContent", "(System.String)", "", "Argument[0]", "js-injection", "df-generated"]
- ["System.Net.Http", "StringContent", false, "StringContent", "(System.String,System.Text.Encoding)", "", "Argument[0]", "js-injection", "df-generated"]
- ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "CreateDecryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-decryptor", "df-generated"]
- ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "CreateEncryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-encryptor", "df-generated"]
- ["System.Security.Cryptography", "AesCryptoServiceProvider", false, "set_Key", "(System.Byte[])", "", "Argument[0]", "encryption-keyprop", "df-generated"]
@@ -34,7 +34,7 @@ extensions:
- ["System.Security.Cryptography", "TripleDESCryptoServiceProvider", false, "CreateEncryptor", "(System.Byte[],System.Byte[])", "", "Argument[0]", "encryption-encryptor", "df-generated"]
- ["System.Security.Cryptography", "TripleDESCryptoServiceProvider", false, "set_Key", "(System.Byte[])", "", "Argument[0]", "encryption-keyprop", "df-generated"]
- addsTo:
@@ -51946,6 +51946,3 @@ extensions:
- ["System", "WeakReference<>", "TryGetTarget", "(T)", "summary", "df-generated"]
- ["System", "WeakReference<>", "WeakReference", "(T)", "summary", "df-generated"]
- ["System", "WeakReference<>", "WeakReference", "(T,System.Boolean)", "summary", "df-generated"]

3
csharp/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 0.6.2-dev
version: 0.6.3-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp
@@ -12,3 +12,4 @@ dependencies:
dataExtensions:
- ext/*.model.yml
- ext/generated/*.model.yml
warnOnImplicitThis: true

21
csharp/ql/lib/semmle/code/asp/WebConfig.qll
View File

@@ -18,9 +18,6 @@ class WebConfigReleaseTransformXml extends XmlFile {
WebConfigReleaseTransformXml() { this.getName().matches("%Web.Release.config") }
}
/** DEPRECATED: Alias for WebConfigXml */
deprecated class WebConfigXML = WebConfigXml;
/** A `<configuration>` tag in an ASP.NET configuration file. */
class ConfigurationXmlElement extends XmlElement {
ConfigurationXmlElement() { this.getName().toLowerCase() = "configuration" }
@@ -31,9 +28,6 @@ class CompilationXmlElement extends XmlElement {
CompilationXmlElement() { this.getName().toLowerCase() = "compilation" }
}
/** DEPRECATED: Alias for ConfigurationXmlElement */
deprecated class ConfigurationXMLElement = ConfigurationXmlElement;
/** A `<location>` tag in an ASP.NET configuration file. */
class LocationXmlElement extends XmlElement {
LocationXmlElement() {
@@ -42,9 +36,6 @@ class LocationXmlElement extends XmlElement {
}
}
/** DEPRECATED: Alias for LocationXmlElement */
deprecated class LocationXMLElement = LocationXmlElement;
/** A `<system.web>` tag in an ASP.NET configuration file. */
class SystemWebXmlElement extends XmlElement {
SystemWebXmlElement() {
@@ -57,9 +48,6 @@ class SystemWebXmlElement extends XmlElement {
}
}
/** DEPRECATED: Alias for SystemWebXmlElement */
deprecated class SystemWebXMLElement = SystemWebXmlElement;
/** A `<system.webServer>` tag in an ASP.NET configuration file. */
class SystemWebServerXmlElement extends XmlElement {
SystemWebServerXmlElement() {
@@ -72,9 +60,6 @@ class SystemWebServerXmlElement extends XmlElement {
}
}
/** DEPRECATED: Alias for SystemWebServerXmlElement */
deprecated class SystemWebServerXMLElement = SystemWebServerXmlElement;
/** A `<customErrors>` tag in an ASP.NET configuration file. */
class CustomErrorsXmlElement extends XmlElement {
CustomErrorsXmlElement() {
@@ -83,9 +68,6 @@ class CustomErrorsXmlElement extends XmlElement {
}
}
/** DEPRECATED: Alias for CustomErrorsXmlElement */
deprecated class CustomErrorsXMLElement = CustomErrorsXmlElement;
/** A `<httpRuntime>` tag in an ASP.NET configuration file. */
class HttpRuntimeXmlElement extends XmlElement {
HttpRuntimeXmlElement() {
@@ -94,9 +76,6 @@ class HttpRuntimeXmlElement extends XmlElement {
}
}
/** DEPRECATED: Alias for HttpRuntimeXmlElement */
deprecated class HttpRuntimeXMLElement = HttpRuntimeXmlElement;
/** A `<forms>` tag under `<system.web><authentication>` in an ASP.NET configuration file. */
class FormsElement extends XmlElement {
FormsElement() {

10
csharp/ql/lib/semmle/code/cil/Handler.qll
View File

@@ -38,21 +38,21 @@ class Handler extends Element, EntryPoint, @cil_handler {
* Holds if the instruction `i` is in the scope of this handler.
*/
predicate isInScope(Instruction i) {
i.getImplementation() = getImplementation() and
i.getIndex() in [getTryStart().getIndex() .. getTryEnd().getIndex()]
i.getImplementation() = this.getImplementation() and
i.getIndex() in [this.getTryStart().getIndex() .. this.getTryEnd().getIndex()]
}
override string toString() { none() }
override Instruction getASuccessorType(FlowType t) {
result = getHandlerStart() and
result = this.getHandlerStart() and
t instanceof NormalFlow
}
/** Gets the type of the caught exception, if any. */
Type getCaughtType() { cil_handler_type(this, result) }
override Location getLocation() { result = getTryStart().getLocation() }
override Location getLocation() { result = this.getTryStart().getLocation() }
}
/** A handler corresponding to a `finally` block. */
@@ -72,7 +72,7 @@ class FilterHandler extends Handler, @cil_filter_handler {
/** A handler corresponding to a `catch` clause. */
class CatchHandler extends Handler, @cil_catch_handler {
override string toString() { result = "catch(" + getCaughtType().getName() + ") {...}" }
override string toString() { result = "catch(" + this.getCaughtType().getName() + ") {...}" }
override int getPushCount() { result = 1 }
}

5
csharp/ql/lib/semmle/code/cil/Types.qll
View File

@@ -60,11 +60,6 @@ class Class extends ValueOrRefType {
Class() { this.isClass() }
}
/** A `record`. */
deprecated class Record extends Class {
Record() { this.isRecord() }
}
/** An `interface`. */
class Interface extends ValueOrRefType {
Interface() { this.isInterface() }

58
csharp/ql/lib/semmle/code/csharp/Comments.qll
View File

@@ -70,28 +70,28 @@ class XmlCommentLine extends CommentLine, @xmldoccomment {
override string toString() { result = "/// ..." }
private string xmlAttributeRegex() {
result = "(" + xmlIdentifierRegex() + ")(?:\\s*=\\s*[\"']([^\"']*)[\"'])"
result = "(" + this.xmlIdentifierRegex() + ")(?:\\s*=\\s*[\"']([^\"']*)[\"'])"
}
private string xmlIdentifierRegex() { result = "\\w+" }
private string xmlTagOpenRegex() { result = "<\\s*" + xmlIdentifierRegex() }
private string xmlTagOpenRegex() { result = "<\\s*" + this.xmlIdentifierRegex() }
private string xmlTagIntroRegex() {
result = xmlTagOpenRegex() + "(?:\\s*" + xmlAttributeRegex() + ")*"
result = this.xmlTagOpenRegex() + "(?:\\s*" + this.xmlAttributeRegex() + ")*"
}
private string xmlTagCloseRegex() { result = "</\\s*" + xmlIdentifierRegex() + "\\s*>" }
private string xmlTagCloseRegex() { result = "</\\s*" + this.xmlIdentifierRegex() + "\\s*>" }
/** Gets the text inside the XML element at character offset `offset`. */
private string getElement(int offset) {
result = getText().regexpFind(xmlTagIntroRegex(), _, offset)
result = this.getText().regexpFind(this.xmlTagIntroRegex(), _, offset)
}
/** Gets the name of the opening tag at offset `offset`. */
string getOpenTag(int offset) {
exists(int offset1, int offset2 |
result = getElement(offset1).regexpFind(xmlIdentifierRegex(), 0, offset2) and
result = this.getElement(offset1).regexpFind(this.xmlIdentifierRegex(), 0, offset2) and
offset = offset1 + offset2
)
}
@@ -100,9 +100,9 @@ class XmlCommentLine extends CommentLine, @xmldoccomment {
string getCloseTag(int offset) {
exists(int offset1, int offset2 |
result =
getText()
.regexpFind(xmlTagCloseRegex(), _, offset1)
.regexpFind(xmlIdentifierRegex(), 0, offset2) and
this.getText()
.regexpFind(this.xmlTagCloseRegex(), _, offset1)
.regexpFind(this.xmlIdentifierRegex(), 0, offset2) and
offset = offset1 + offset2
)
}
@@ -112,14 +112,14 @@ class XmlCommentLine extends CommentLine, @xmldoccomment {
exists(int offset1, int offset2 |
(
result =
getText()
.regexpFind(xmlTagIntroRegex() + "\\s*/>", _, offset1)
.regexpFind(xmlIdentifierRegex(), 0, offset2) or
this.getText()
.regexpFind(this.xmlTagIntroRegex() + "\\s*/>", _, offset1)
.regexpFind(this.xmlIdentifierRegex(), 0, offset2) or
result =
getText()
.regexpFind(xmlTagIntroRegex() + "\\s*>\\s*</" + xmlIdentifierRegex() + "\\s*>", _,
offset1)
.regexpFind(xmlIdentifierRegex(), 0, offset2)
this.getText()
.regexpFind(this.xmlTagIntroRegex() + "\\s*>\\s*</" + this.xmlIdentifierRegex() +
"\\s*>", _, offset1)
.regexpFind(this.xmlIdentifierRegex(), 0, offset2)
) and
offset = offset1 + offset2
)
@@ -130,18 +130,18 @@ class XmlCommentLine extends CommentLine, @xmldoccomment {
* for a given XML attribute name `key` and element offset `offset`.
*/
string getAttribute(string element, string key, int offset) {
exists(int offset1, int offset2, string elt, string pair | elt = getElement(offset1) |
element = elt.regexpFind(xmlIdentifierRegex(), 0, offset2) and
exists(int offset1, int offset2, string elt, string pair | elt = this.getElement(offset1) |
element = elt.regexpFind(this.xmlIdentifierRegex(), 0, offset2) and
offset = offset1 + offset2 and
pair = elt.regexpFind(xmlAttributeRegex(), _, _) and
key = pair.regexpCapture(xmlAttributeRegex(), 1) and
result = pair.regexpCapture(xmlAttributeRegex(), 2)
pair = elt.regexpFind(this.xmlAttributeRegex(), _, _) and
key = pair.regexpCapture(this.xmlAttributeRegex(), 1) and
result = pair.regexpCapture(this.xmlAttributeRegex(), 2)
)
}
/** Holds if the XML element at the given offset is not empty. */
predicate hasBody(string element, int offset) {
element = getOpenTag(offset) and not element = getEmptyTag(offset)
element = this.getOpenTag(offset) and not element = this.getEmptyTag(offset)
}
}
@@ -156,13 +156,13 @@ class XmlCommentLine extends CommentLine, @xmldoccomment {
*/
class CommentBlock extends @commentblock {
/** Gets a textual representation of this comment block. */
string toString() { result = getChild(0).toString() }
string toString() { result = this.getChild(0).toString() }
/** Gets the location of this comment block */
Location getLocation() { commentblock_location(this, result) }
/** Gets the number of lines in this comment block. */
int getNumLines() { result = count(getAChild()) }
int getNumLines() { result = count(this.getAChild()) }
/** Gets the `c`th child of this comment block (numbered from 0). */
CommentLine getChild(int c) { commentblock_child(this, result, c) }
@@ -189,23 +189,23 @@ class CommentBlock extends @commentblock {
Element getAnElement() { commentblock_binding(this, result, _) }
/** Gets a line of text in this comment block. */
string getALine() { result = getAChild().getText() }
string getALine() { result = this.getAChild().getText() }
/** Holds if the comment has no associated `Element`. */
predicate isOrphan() { not exists(getElement()) }
predicate isOrphan() { not exists(this.getElement()) }
/** Holds if this block consists entirely of XML comments. */
predicate isXmlCommentBlock() {
forall(CommentLine l | l = getAChild() | l instanceof XmlCommentLine)
forall(CommentLine l | l = this.getAChild() | l instanceof XmlCommentLine)
}
/** Gets a `CommentLine` containing text. */
CommentLine getANonEmptyLine() { result = getAChild() and result.getText().length() != 0 }
CommentLine getANonEmptyLine() { result = this.getAChild() and result.getText().length() != 0 }
/** Gets a `CommentLine` that might contain code. */
CommentLine getAProbableCodeLine() {
// Logic taken verbatim from Java query CommentedCode.qll
result = getAChild() and
result = this.getAChild() and
exists(string trimmed | trimmed = result.getText().regexpReplaceAll("\\s*//.*$", "") |
trimmed.matches("%;") or trimmed.matches("%{") or trimmed.matches("%}")
)

10
csharp/ql/lib/semmle/code/csharp/Type.qll
View File

@@ -780,16 +780,6 @@ class Class extends RefType, @class_type {
override string getAPrimaryQlClass() { result = "Class" }
}
/**
* DEPRECATED: Use `RecordClass` instead.
*/
deprecated class Record extends Class {
Record() { this.isRecord() }
/** Gets the clone method of this record. */
RecordCloneMethod getCloneMethod() { result = this.getAMember() }
}
/**
* A `record`, for example
*

24
csharp/ql/lib/semmle/code/csharp/commons/Compilation.qll
View File

@@ -13,25 +13,27 @@ class Compilation extends @compilation {
Assembly getOutputAssembly() { compilation_assembly(this, result) }
/** Gets the folder in which this compilation was run. */
Folder getFolder() { result.getAbsolutePath() = getDirectoryString() }
Folder getFolder() { result.getAbsolutePath() = this.getDirectoryString() }
/** Gets the `i`th command line argument. */
string getArgument(int i) { compilation_args(this, i, result) }
/** Gets the arguments as a concatenated string. */
string getArguments() { result = concat(int i | exists(getArgument(i)) | getArgument(i), " ") }
string getArguments() {
result = concat(int i | exists(this.getArgument(i)) | this.getArgument(i), " ")
}
/** Gets the 'i'th source file in this compilation. */
File getFileCompiled(int i) { compilation_compiling_files(this, i, result) }
/** Gets a source file compiled in this compilation. */
File getAFileCompiled() { result = getFileCompiled(_) }
File getAFileCompiled() { result = this.getFileCompiled(_) }
/** Gets the `i`th reference in this compilation. */
File getReference(int i) { compilation_referencing_files(this, i, result) }
/** Gets a reference in this compilation. */
File getAReference() { result = getReference(_) }
File getAReference() { result = this.getReference(_) }
/** Gets a diagnostic associated with this compilation. */
Diagnostic getADiagnostic() { result.getCompilation() = this }
@@ -40,25 +42,25 @@ class Compilation extends @compilation {
float getMetric(int metric) { compilation_time(this, -1, metric, result) }
/** Gets the CPU time of the compilation. */
float getFrontendCpuSeconds() { result = getMetric(0) }
float getFrontendCpuSeconds() { result = this.getMetric(0) }
/** Gets the elapsed time of the compilation. */
float getFrontendElapsedSeconds() { result = getMetric(1) }
float getFrontendElapsedSeconds() { result = this.getMetric(1) }
/** Gets the CPU time of the extraction. */
float getExtractorCpuSeconds() { result = getMetric(2) }
float getExtractorCpuSeconds() { result = this.getMetric(2) }
/** Gets the elapsed time of the extraction. */
float getExtractorElapsedSeconds() { result = getMetric(3) }
float getExtractorElapsedSeconds() { result = this.getMetric(3) }
/** Gets the user CPU time of the compilation. */
float getFrontendUserCpuSeconds() { result = getMetric(4) }
float getFrontendUserCpuSeconds() { result = this.getMetric(4) }
/** Gets the user CPU time of the extraction. */
float getExtractorUserCpuSeconds() { result = getMetric(5) }
float getExtractorUserCpuSeconds() { result = this.getMetric(5) }
/** Gets the peak working set of the extractor process in MB. */
float getPeakWorkingSetMB() { result = getMetric(6) }
float getPeakWorkingSetMB() { result = this.getMetric(6) }
/** Gets the CPU seconds for the entire extractor process. */
float getCpuSeconds() { compilation_finished(this, result, _) }

40
csharp/ql/lib/semmle/code/csharp/commons/StructuralComparison.qll
View File

@@ -200,43 +200,3 @@ predicate sameGvn(ControlFlowElement x, ControlFlowElement y) {
pragma[only_bind_into](toGvn(pragma[only_bind_out](x))) =
pragma[only_bind_into](toGvn(pragma[only_bind_out](y)))
}
/**
* DEPRECATED: Use `sameGvn` instead.
*
* A configuration for performing structural comparisons of program elements
* (expressions and statements).
*
* The predicate `candidate()` must be overridden, in order to identify the
* elements for which to perform structural comparison.
*
* Each use of the library is identified by a unique string value.
*/
abstract deprecated class StructuralComparisonConfiguration extends string {
bindingset[this]
StructuralComparisonConfiguration() { any() }
/**
* Holds if elements `x` and `y` are candidates for testing structural
* equality.
*
* Subclasses are expected to override this predicate to identify the
* top-level elements which they want to compare. Care should be
* taken to avoid identifying too many pairs of elements, as in general
* there are very many structurally equal subtrees in a program, and
* in order to keep the computation feasible we must focus attention.
*
* Note that this relation is not expected to be symmetric -- it's
* fine to include a pair `(x, y)` but not `(y, x)`.
* In fact, not including the symmetrically implied fact will save
* half the computation time on the structural comparison.
*/
abstract predicate candidate(ControlFlowElement x, ControlFlowElement y);
/**
* Holds if elements `x` and `y` structurally equal. `x` and `y` must be
* flagged as candidates for structural equality, that is,
* `candidate(x, y)` must hold.
*/
predicate same(ControlFlowElement x, ControlFlowElement y) { candidate(x, y) and sameGvn(x, y) }
}

18
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll
View File

@@ -335,7 +335,8 @@ module LocalFlow {
exists(ControlFlow::BasicBlock bb, int i |
SsaImpl::lastRefBeforeRedefExt(def, bb, i, next.getDefinitionExt()) and
def.definesAt(_, bb, i, _) and
def = getSsaDefinitionExt(nodeFrom)
def = getSsaDefinitionExt(nodeFrom) and
nodeFrom != next
)
}
@@ -414,7 +415,8 @@ module LocalFlow {
) {
exists(CIL::BasicBlock bb, int i | CilSsaImpl::lastRefBeforeRedefExt(def, bb, i, next) |
def.definesAt(_, bb, i, _) and
def = nodeFrom.(CilSsaDefinitionExtNode).getDefinition()
def = nodeFrom.(CilSsaDefinitionExtNode).getDefinition() and
def != next
or
nodeFrom = TCilExprNode(bb.getNode(i).(CIL::ReadAccess))
)
@@ -440,7 +442,8 @@ module LocalFlow {
exists(CIL::ReadAccess readFrom, CIL::ReadAccess readTo |
CilSsaImpl::hasAdjacentReadsExt(def, readFrom, readTo) and
nodeTo = TCilExprNode(readTo) and
nodeFrom = TCilExprNode(readFrom)
nodeFrom = TCilExprNode(readFrom) and
nodeFrom != nodeTo
)
or
// Flow into phi (read) node
@@ -483,7 +486,8 @@ module LocalFlow {
or
hasNodePath(any(LocalExprStepConfiguration x), nodeFrom, nodeTo)
or
ThisFlow::adjacentThisRefs(nodeFrom, nodeTo)
ThisFlow::adjacentThisRefs(nodeFrom, nodeTo) and
nodeFrom != nodeTo
or
ThisFlow::adjacentThisRefs(nodeFrom.(PostUpdateNode).getPreUpdateNode(), nodeTo)
or
@@ -541,7 +545,8 @@ predicate simpleLocalFlowStep(Node nodeFrom, Node nodeTo) {
exists(SsaImpl::DefinitionExt def |
LocalFlow::localSsaFlowStepUseUse(def, nodeFrom, nodeTo) and
not FlowSummaryImpl::Private::Steps::prohibitsUseUseFlow(nodeFrom, _) and
not LocalFlow::usesInstanceField(def)
not LocalFlow::usesInstanceField(def) and
nodeFrom != nodeTo
)
or
// Flow into phi (read)/uncertain SSA definition node from read
@@ -880,7 +885,8 @@ private module Cached {
predicate localFlowStepImpl(Node nodeFrom, Node nodeTo) {
LocalFlow::localFlowStepCommon(nodeFrom, nodeTo)
or
LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo)
LocalFlow::localSsaFlowStepUseUse(_, nodeFrom, nodeTo) and
nodeFrom != nodeTo
or
exists(SsaImpl::DefinitionExt def |
LocalFlow::localSsaFlowStep(def, nodeFrom, nodeTo) and

10
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll
View File

@@ -106,16 +106,6 @@ class ParameterNode extends Node instanceof ParameterNodeImpl {
result = c.asCallable().getParameter(ppos.getPosition())
)
}
/**
* DEPRECATED
*
* Holds if this node is the parameter of callable `c` at the specified
* (zero-based) position.
*/
deprecated predicate isParameterOf(DataFlowCallable c, int i) {
super.isParameterOf(c, any(ParameterPosition pos | i = pos.getPosition()))
}
}
/** A definition, viewed as a node in a data flow graph. */

27
csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -166,28 +166,21 @@ module Public {
SummaryComponentStack return(ReturnKind rk) { result = singleton(SummaryComponent::return(rk)) }
}
private predicate noComponentSpecific(SummaryComponent sc) {
not exists(getComponentSpecific(sc))
}
/** Gets a textual representation of this component used for flow summaries. */
private string getComponent(SummaryComponent sc) {
result = getComponentSpecific(sc)
or
noComponentSpecific(sc) and
(
exists(ArgumentPosition pos |
sc = TParameterSummaryComponent(pos) and
result = "Parameter[" + getArgumentPosition(pos) + "]"
)
or
exists(ParameterPosition pos |
sc = TArgumentSummaryComponent(pos) and
result = "Argument[" + getParameterPosition(pos) + "]"
)
or
sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
exists(ArgumentPosition pos |
sc = TParameterSummaryComponent(pos) and
result = "Parameter[" + getArgumentPosition(pos) + "]"
)
or
exists(ParameterPosition pos |
sc = TArgumentSummaryComponent(pos) and
result = "Argument[" + getParameterPosition(pos) + "]"
)
or
sc = TReturnSummaryComponent(getReturnValueKind()) and result = "ReturnValue"
}
/** Gets a textual representation of this stack used for flow summaries. */

4
csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImplSpecific.qll
View File

@@ -198,8 +198,8 @@ string getComponentSpecific(SummaryComponent sc) {
or
exists(ReturnKind rk |
sc = TReturnSummaryComponent(rk) and
result = "ReturnValue[" + rk + "]" and
not rk instanceof NormalReturnKind
not rk = getReturnValueKind() and
result = "ReturnValue[" + rk + "]"
)
}

6
csharp/ql/lib/semmle/code/csharp/dispatch/RuntimeCallable.qll
View File

@@ -16,7 +16,7 @@ class RuntimeCallable extends DotNet::Callable {
RuntimeCallable() {
not this.(Modifiable).isAbstract() and
(
not getDeclaringType() instanceof Interface or
not this.getDeclaringType() instanceof Interface or
this.(Virtualizable).isVirtual()
)
}
@@ -35,7 +35,7 @@ class RuntimeMethod extends RuntimeCallable {
/** A run-time instance method. */
class RuntimeInstanceMethod extends RuntimeMethod {
RuntimeInstanceMethod() { not isStatic() }
RuntimeInstanceMethod() { not this.isStatic() }
}
/** A run-time operator. */
@@ -46,5 +46,5 @@ class RuntimeAccessor extends Accessor, RuntimeCallable { }
/** A run-time instance accessor. */
class RuntimeInstanceAccessor extends RuntimeAccessor {
RuntimeInstanceAccessor() { not isStatic() }
RuntimeInstanceAccessor() { not this.isStatic() }
}

16
csharp/ql/lib/semmle/code/csharp/exprs/ComparisonOperation.qll
View File

@@ -68,9 +68,9 @@ class RelationalOperation extends ComparisonOperation, @rel_op_expr {
class GTExpr extends RelationalOperation, @gt_expr {
override string getOperator() { result = ">" }
override Expr getGreaterOperand() { result = getLeftOperand() }
override Expr getGreaterOperand() { result = this.getLeftOperand() }
override Expr getLesserOperand() { result = getRightOperand() }
override Expr getLesserOperand() { result = this.getRightOperand() }
override string getAPrimaryQlClass() { result = "GTExpr" }
}
@@ -81,9 +81,9 @@ class GTExpr extends RelationalOperation, @gt_expr {
class LTExpr extends RelationalOperation, @lt_expr {
override string getOperator() { result = "<" }
override Expr getGreaterOperand() { result = getRightOperand() }
override Expr getGreaterOperand() { result = this.getRightOperand() }
override Expr getLesserOperand() { result = getLeftOperand() }
override Expr getLesserOperand() { result = this.getLeftOperand() }
override string getAPrimaryQlClass() { result = "LTExpr" }
}
@@ -94,9 +94,9 @@ class LTExpr extends RelationalOperation, @lt_expr {
class GEExpr extends RelationalOperation, @ge_expr {
override string getOperator() { result = ">=" }
override Expr getGreaterOperand() { result = getLeftOperand() }
override Expr getGreaterOperand() { result = this.getLeftOperand() }
override Expr getLesserOperand() { result = getRightOperand() }
override Expr getLesserOperand() { result = this.getRightOperand() }
override string getAPrimaryQlClass() { result = "GEExpr" }
}
@@ -107,9 +107,9 @@ class GEExpr extends RelationalOperation, @ge_expr {
class LEExpr extends RelationalOperation, @le_expr {
override string getOperator() { result = "<=" }
override Expr getGreaterOperand() { result = getRightOperand() }
override Expr getGreaterOperand() { result = this.getRightOperand() }
override Expr getLesserOperand() { result = getLeftOperand() }
override Expr getLesserOperand() { result = this.getLeftOperand() }
override string getAPrimaryQlClass() { result = "LEExpr" }
}

25
csharp/ql/lib/semmle/code/csharp/frameworks/EntityFramework.qll
View File

@@ -88,31 +88,6 @@ module EntityFramework {
EFSummarizedCallable() { any() }
}
private class DbSetAddOrUpdateRequiredSummaryComponentStack extends RequiredSummaryComponentStack {
override predicate required(SummaryComponent head, SummaryComponentStack tail) {
head = SummaryComponent::element() and
tail = SummaryComponentStack::argument([-1, 0])
}
}
private class DbSetAddOrUpdate extends EFSummarizedCallable {
private boolean range;
DbSetAddOrUpdate() { this = any(DbSet c).getAnAddOrUpdateMethod(range) }
override predicate propagatesFlow(
SummaryComponentStack input, SummaryComponentStack output, boolean preservesValue
) {
(
if range = true
then input = SummaryComponentStack::elementOf(SummaryComponentStack::argument(0))
else input = SummaryComponentStack::argument(0)
) and
output = SummaryComponentStack::elementOf(SummaryComponentStack::qualifier()) and
preservesValue = true
}
}
/** The class `Microsoft.EntityFrameworkCore.DbQuery<>` or `System.Data.Entity.DbQuery<>`. */
class DbQuery extends EFClass, UnboundGenericClass {
DbQuery() { this.hasName("DbQuery<>") }

8
csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll
View File

@@ -7,7 +7,7 @@ private import semmle.code.csharp.frameworks.system.security.cryptography.Symmet
/** Array of type Byte */
deprecated class ByteArray extends ArrayType {
ByteArray() { getElementType() instanceof ByteType }
ByteArray() { this.getElementType() instanceof ByteType }
}
/** Abstract class for all sources of keys */
@@ -31,7 +31,7 @@ abstract class KeySanitizer extends DataFlow::ExprNode { }
*/
class SymmetricEncryptionKeyPropertySink extends SymmetricEncryptionKeySink {
SymmetricEncryptionKeyPropertySink() {
exists(SymmetricAlgorithm ag | asExpr() = ag.getKeyProperty().getAnAssignedValue())
exists(SymmetricAlgorithm ag | this.asExpr() = ag.getKeyProperty().getAnAssignedValue())
}
override string getDescription() { result = "Key property assignment" }
@@ -43,7 +43,7 @@ class SymmetricEncryptionKeyPropertySink extends SymmetricEncryptionKeySink {
class SymmetricEncryptionCreateEncryptorSink extends SymmetricEncryptionKeySink {
SymmetricEncryptionCreateEncryptorSink() {
exists(SymmetricAlgorithm ag, MethodCall mc | mc = ag.getASymmetricEncryptor() |
asExpr() = mc.getArgumentForName("rgbKey")
this.asExpr() = mc.getArgumentForName("rgbKey")
)
}
@@ -56,7 +56,7 @@ class SymmetricEncryptionCreateEncryptorSink extends SymmetricEncryptionKeySink
class SymmetricEncryptionCreateDecryptorSink extends SymmetricEncryptionKeySink {
SymmetricEncryptionCreateDecryptorSink() {
exists(SymmetricAlgorithm ag, MethodCall mc | mc = ag.getASymmetricDecryptor() |
asExpr() = mc.getArgumentForName("rgbKey")
this.asExpr() = mc.getArgumentForName("rgbKey")
)
}

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/CodeInjectionQuery.qll
View File

@@ -97,5 +97,5 @@ class RoslynCSharpScriptSink extends Sink {
/** Code injection sinks defined through CSV models. */
private class ExternalCodeInjectionExprSink extends Sink {
ExternalCodeInjectionExprSink() { sinkNode(this, "code") }
ExternalCodeInjectionExprSink() { sinkNode(this, "code-injection") }
}

15
csharp/ql/lib/semmle/code/csharp/security/dataflow/ExternalAPIsQuery.qll
View File

@@ -14,9 +14,6 @@ private import semmle.code.csharp.dataflow.FlowSummary
*/
abstract class SafeExternalApiCallable extends Callable { }
/** DEPRECATED: Alias for SafeExternalApiCallable */
deprecated class SafeExternalAPICallable = SafeExternalApiCallable;
private class SummarizedCallableSafe extends SafeExternalApiCallable instanceof SummarizedCallable {
}
@@ -87,9 +84,6 @@ class ExternalApiDataNode extends DataFlow::Node {
}
}
/** DEPRECATED: Alias for ExternalApiDataNode */
deprecated class ExternalAPIDataNode = ExternalApiDataNode;
/**
* DEPRECATED: Use `RemoteSourceToExternalApi` instead.
*
@@ -113,9 +107,6 @@ private module RemoteSourceToExternalApiConfig implements DataFlow::ConfigSig {
/** A module for tracking flow from `RemoteFlowSource`s to `ExternalApiDataNode`s. */
module RemoteSourceToExternalApi = TaintTracking::Global<RemoteSourceToExternalApiConfig>;
/** DEPRECATED: Alias for UntrustedDataToExternalApiConfig */
deprecated class UntrustedDataToExternalAPIConfig = UntrustedDataToExternalApiConfig;
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { RemoteSourceToExternalApi::flow(_, this) }
@@ -124,9 +115,6 @@ class UntrustedExternalApiDataNode extends ExternalApiDataNode {
DataFlow::Node getAnUntrustedSource() { RemoteSourceToExternalApi::flow(result, this) }
}
/** DEPRECATED: Alias for UntrustedExternalApiDataNode */
deprecated class UntrustedExternalAPIDataNode = UntrustedExternalApiDataNode;
/** An external API which is used with untrusted data. */
private newtype TExternalApi =
/** An untrusted API method `m` where untrusted data is passed at `index`. */
@@ -161,6 +149,3 @@ class ExternalApiUsedWithUntrustedData extends TExternalApi {
)
}
}
/** DEPRECATED: Alias for ExternalApiUsedWithUntrustedData */
deprecated class ExternalAPIUsedWithUntrustedData = ExternalApiUsedWithUntrustedData;

3
csharp/ql/lib/semmle/code/csharp/security/dataflow/LDAPInjectionQuery.qll
View File

@@ -155,9 +155,6 @@ class LdapEncodeSanitizer extends Sanitizer {
}
}
/** DEPRECATED: Alias for LdapEncodeSanitizer */
deprecated class LDAPEncodeSanitizer = LdapEncodeSanitizer;
private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }
private class GuidSanitizer extends Sanitizer, GuidSanitizedExpr { }

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/SqlInjectionQuery.qll
View File

@@ -78,7 +78,7 @@ class SqlInjectionExprSink extends Sink {
/** SQL sinks defined through CSV models. */
private class ExternalSqlInjectionExprSink extends Sink {
ExternalSqlInjectionExprSink() { sinkNode(this, "sql") }
ExternalSqlInjectionExprSink() { sinkNode(this, "sql-injection") }
}
private class SimpleTypeSanitizer extends Sanitizer, SimpleTypeSanitizedExpr { }

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/XSSSinks.qll
View File

@@ -24,7 +24,7 @@ abstract class Sink extends DataFlow::ExprNode, RemoteFlowSink {
}
private class ExternalXssSink extends Sink {
ExternalXssSink() { sinkNode(this, "xss") }
ExternalXssSink() { sinkNode(this, "js-injection") }
}
private class HtmlSinkSink extends Sink instanceof HtmlSink {

11
csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll
View File

@@ -19,14 +19,21 @@ private import semmle.code.csharp.dataflow.ExternalFlow
abstract class ExternalLocationSink extends DataFlow::ExprNode { }
private class ExternalModelSink extends ExternalLocationSink {
ExternalModelSink() { sinkNode(this, "remote") }
ExternalModelSink() { sinkNode(this, "file-content-store") }
}
/**
* An argument to a call to a method on a logger class.
*/
class LogMessageSink extends ExternalLocationSink {
LogMessageSink() { this.getExpr() = any(LoggerType i).getAMethod().getACall().getAnArgument() }
LogMessageSink() {
this.getExpr() = any(LoggerType i).getAMethod().getACall().getAnArgument()
or
this.getExpr() =
any(ExtensionMethodCall call |
call.getTarget().(ExtensionMethod).getExtendedType() instanceof LoggerType
).getArgument(any(int i | i > 0))
}
}
/**

2
csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Html.qll
View File

@@ -23,7 +23,7 @@ private import semmle.code.asp.AspNet
abstract class HtmlSink extends DataFlow::ExprNode, RemoteFlowSink { }
private class ExternalHtmlSink extends HtmlSink {
ExternalHtmlSink() { sinkNode(this, "html") }
ExternalHtmlSink() { sinkNode(this, "html-injection") }
}
/**

4
csharp/ql/src/Bad Practices/Comments/CommentedOutCode.ql
View File

@@ -14,8 +14,8 @@ import csharp
class CommentedOutCode extends CommentBlock {
CommentedOutCode() {
not isXmlCommentBlock() and
2 * count(getAProbableCodeLine()) > count(getANonEmptyLine())
not this.isXmlCommentBlock() and
2 * count(this.getAProbableCodeLine()) > count(this.getANonEmptyLine())
}
}

2
csharp/ql/src/Bad Practices/Implementation Hiding/ExposeRepresentation.ql
View File

@@ -78,4 +78,4 @@ where
exposesByStore(c, f, why, whyText)
select c,
"'" + c.getName() + "' exposes the internal representation stored in field '" + f.getName() +
"'. The value may be modified $@.", why.getLocation(), whyText
"'. The value may be modified $@.", why, whyText

4
csharp/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 0.6.2
No user-facing changes.
## 0.6.1
### Minor Analysis Improvements

2
csharp/ql/src/Complexity/ComplexCondition.ql
View File

@@ -26,4 +26,4 @@ where
operators =
count(BinaryLogicalOperation op | logicalParent*(op, e) and nontrivialLogicalOperator(op)) and
operators > 3
select e.getLocation(), "Complex condition: too many logical operations in this expression."
select e, "Complex condition: too many logical operations in this expression."

2
csharp/ql/src/Dead Code/DeadRefTypes.ql
View File

@@ -22,7 +22,7 @@ predicate potentiallyUsedFromXaml(RefType t) {
class ExportAttribute extends Attribute {
ExportAttribute() {
getType().hasQualifiedName("System.ComponentModel.Composition", "ExportAttribute")
this.getType().hasQualifiedName("System.ComponentModel.Composition", "ExportAttribute")
}
}

4
csharp/ql/src/Language Abuse/MissedUsingOpportunity.ql
View File

@@ -14,12 +14,12 @@ import semmle.code.csharp.frameworks.System
/** A call to IDisposable.Dispose or a method that overrides it. */
class DisposeCall extends MethodCall {
DisposeCall() { getTarget() instanceof DisposeMethod }
DisposeCall() { this.getTarget() instanceof DisposeMethod }
/** The object being disposed by the call (provided it can be easily determined). */
Variable getDisposee() {
exists(VariableAccess va |
va = getQualifier().stripCasts() and
va = this.getQualifier().stripCasts() and
result = va.getTarget()
)
}

2
csharp/ql/src/Likely Bugs/Collections/ContainerSizeCmpZero.ql
View File

@@ -38,7 +38,7 @@ private predicate containerSizeAccess(PropertyAccess pa, string containerKind) {
}
class ZeroLiteral extends Expr {
ZeroLiteral() { getValue() = "0" }
ZeroLiteral() { this.getValue() = "0" }
}
/**

6
csharp/ql/src/Likely Bugs/DangerousNonShortCircuitLogic.ql
View File

@@ -41,9 +41,9 @@ class NonShortCircuit extends BinaryBitwiseOperation {
this instanceof BitwiseOrExpr
) and
not exists(AssignBitwiseOperation abo | abo.getExpandedAssignment().getRValue() = this) and
getLeftOperand().getType() instanceof BoolType and
getRightOperand().getType() instanceof BoolType and
getRightOperand() instanceof DangerousExpression
this.getLeftOperand().getType() instanceof BoolType and
this.getRightOperand().getType() instanceof BoolType and
this.getRightOperand() instanceof DangerousExpression
}
}

24
csharp/ql/src/Likely Bugs/Dynamic/BadDynamicCall.ql
View File

@@ -20,7 +20,7 @@ abstract class BadDynamicCall extends DynamicExpr {
abstract AssignableRead getARelevantVariableAccess(int i);
Type possibleBadTypeForRelevantSource(Variable v, int i, Expr source) {
exists(Type t | t = possibleTypeForRelevantSource(v, i, source) |
exists(Type t | t = this.possibleTypeForRelevantSource(v, i, source) |
// If the source can have the type of an interface or an abstract class,
// then all possible sub types are, in principle, possible
t instanceof Interface and result.isImplicitlyConvertibleTo(t)
@@ -37,7 +37,7 @@ abstract class BadDynamicCall extends DynamicExpr {
private Type possibleTypeForRelevantSource(Variable v, int i, Expr source) {
exists(AssignableRead read, Ssa::Definition ssaDef, Ssa::ExplicitDefinition ultimateSsaDef |
read = getARelevantVariableAccess(i) and
read = this.getARelevantVariableAccess(i) and
v = read.getTarget() and
result = source.getType() and
read = ssaDef.getARead() and
@@ -55,28 +55,30 @@ abstract class BadDynamicCall extends DynamicExpr {
}
class BadDynamicMethodCall extends BadDynamicCall, DynamicMethodCall {
override AssignableRead getARelevantVariableAccess(int i) { result = getQualifier() and i = -1 }
override AssignableRead getARelevantVariableAccess(int i) {
result = this.getQualifier() and i = -1
}
override predicate isBad(Variable v, ValueOrRefType pt, Expr pts, string message, string target) {
pt = possibleBadTypeForRelevantSource(v, -1, pts) and
not exists(Method m | m = getARuntimeTarget() |
pt = this.possibleBadTypeForRelevantSource(v, -1, pts) and
not exists(Method m | m = this.getARuntimeTarget() |
pt.isImplicitlyConvertibleTo(m.getDeclaringType())
) and
message =
"The $@ of this dynamic method invocation can obtain (from $@) type $@, which does not have a method '"
+ getLateBoundTargetName() + "' with the appropriate signature." and
+ this.getLateBoundTargetName() + "' with the appropriate signature." and
target = "target"
}
}
class BadDynamicOperatorCall extends BadDynamicCall, DynamicOperatorCall {
override AssignableRead getARelevantVariableAccess(int i) { result = getRuntimeArgument(i) }
override AssignableRead getARelevantVariableAccess(int i) { result = this.getRuntimeArgument(i) }
override predicate isBad(Variable v, ValueOrRefType pt, Expr pts, string message, string target) {
exists(int i |
pt = possibleBadTypeForRelevantSource(v, i, pts) and
pt = this.possibleBadTypeForRelevantSource(v, i, pts) and
not pt.containsTypeParameters() and
not exists(Type paramType | paramType = getADynamicParameterType(_, i) |
not exists(Type paramType | paramType = this.getADynamicParameterType(_, i) |
pt.isImplicitlyConvertibleTo(paramType)
or
// If either the argument type or the parameter type contains type parameters,
@@ -93,11 +95,11 @@ class BadDynamicOperatorCall extends BadDynamicCall, DynamicOperatorCall {
) and
message =
"The $@ of this dynamic operator can obtain (from $@) type $@, which does not match an operator '"
+ getLateBoundTargetName() + "' with the appropriate signature."
+ this.getLateBoundTargetName() + "' with the appropriate signature."
}
private Type getADynamicParameterType(Operator o, int i) {
o = getARuntimeTarget() and
o = this.getARuntimeTarget() and
result = o.getParameter(i).getType()
}
}

18
csharp/ql/src/Likely Bugs/ObjectComparison.ql
View File

@@ -27,26 +27,26 @@ class ReferenceEqualityTestOnObject extends EqualityOperation {
// One or both of the operands has type object or interface.
exists(getObjectOperand(this)) and
// Neither operand is 'null'.
not getAnOperand() instanceof NullLiteral and
not exists(Type t | t = getAnOperand().stripImplicitCasts().getType() |
not this.getAnOperand() instanceof NullLiteral and
not exists(Type t | t = this.getAnOperand().stripImplicitCasts().getType() |
t instanceof NullType or
t instanceof ValueType
) and
// Neither operand is a constant - a reference comparison may well be intended for those.
not getAnOperand().(FieldAccess).getTarget().isReadOnly() and
not getAnOperand().hasValue() and
not this.getAnOperand().(FieldAccess).getTarget().isReadOnly() and
not this.getAnOperand().hasValue() and
// Not a short-cut test in a custom `Equals` method
not exists(EqualsMethod m |
getEnclosingCallable() = m and
getAnOperand() instanceof ThisAccess and
getAnOperand() = m.getParameter(0).getAnAccess()
this.getEnclosingCallable() = m and
this.getAnOperand() instanceof ThisAccess and
this.getAnOperand() = m.getParameter(0).getAnAccess()
) and
// Reference comparisons in Moq methods are used to define mocks
not exists(MethodCall mc, Namespace n |
mc.getTarget().getDeclaringType().getNamespace().getParentNamespace*() = n and
n.hasName("Moq") and
not exists(n.getParentNamespace()) and
mc.getAnArgument() = getEnclosingCallable()
mc.getAnArgument() = this.getEnclosingCallable()
)
}
@@ -54,7 +54,7 @@ class ReferenceEqualityTestOnObject extends EqualityOperation {
result = getObjectOperand(this) and
// Avoid duplicate results: only include left operand if both operands
// have object type
(result = getRightOperand() implies not getLeftOperand() = getObjectOperand(this))
(result = this.getRightOperand() implies not this.getLeftOperand() = getObjectOperand(this))
}
}

2
csharp/ql/src/Likely Bugs/PossibleLossOfPrecision.ql
View File

@@ -50,7 +50,7 @@ abstract class LossOfPrecision extends Expr {
Type convertedType;
LossOfPrecision() {
getType() instanceof IntegralType and
this.getType() instanceof IntegralType and
convertedToFloatOrDecimal(this, convertedType)
}

16
csharp/ql/src/Likely Bugs/Statements/UseBraces.ql
View File

@@ -26,11 +26,11 @@ Stmt getASuccessorStmt(Stmt s) {
}
class IfThenStmt extends IfStmt {
IfThenStmt() { not exists(getElse()) }
IfThenStmt() { not exists(this.getElse()) }
}
class IfThenElseStmt extends IfStmt {
IfThenElseStmt() { exists(getElse()) }
IfThenElseStmt() { exists(this.getElse()) }
}
Stmt getTrailingBody(Stmt s) {
@@ -49,16 +49,16 @@ abstract class UnbracedControlStmt extends Stmt {
abstract Stmt getSuccessorStmt();
private Stmt getACandidate() {
getSuccessorStmt() = result and
this.getSuccessorStmt() = result and
getBlockStmt(this) = getBlockStmt(result)
}
private Location getBodyLocation() { result = getBody().getLocation() }
private Location getBodyLocation() { result = this.getBody().getLocation() }
pragma[noopt]
Stmt getAConfusingTrailingStmt() {
result = getACandidate() and
exists(Location l1, Location l2 | l1 = getBodyLocation() and l2 = result.getLocation() |
result = this.getACandidate() and
exists(Location l1, Location l2 | l1 = this.getBodyLocation() and l2 = result.getLocation() |
// This test is slightly unreliable
// because tabs are counted as 1 column.
// But it's accurate enough to be useful, and will
@@ -79,7 +79,7 @@ class UnbracedIfStmt extends UnbracedControlStmt {
override Stmt getBody() { result = getTrailingBody(this) }
override Stmt getSuccessorStmt() {
result = getASuccessorStmt(getBody()) and
result = getASuccessorStmt(this.getBody()) and
result != this
}
}
@@ -95,7 +95,7 @@ class UnbracedLoopStmt extends UnbracedControlStmt {
override Stmt getSuccessorStmt() {
result = getASuccessorStmt(this) and
result != getBody()
result != this.getBody()
}
}

2
csharp/ql/src/Security Features/CWE-352/MissingAntiForgeryTokenValidation.ql
View File

@@ -19,7 +19,7 @@ import semmle.code.csharp.frameworks.system.web.Mvc
/** An `AuthorizationFilter` that calls the `AntiForgery.Validate` method. */
class AntiForgeryAuthorizationFilter extends AuthorizationFilter {
AntiForgeryAuthorizationFilter() {
getOnAuthorizationMethod().calls*(any(AntiForgeryClass a).getValidateMethod())
this.getOnAuthorizationMethod().calls*(any(AntiForgeryClass a).getValidateMethod())
}
}

3
csharp/ql/src/change-notes/released/0.6.2.md Normal file
View File

@@ -0,0 +1,3 @@
## 0.6.2
No user-facing changes.

2
csharp/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.6.1
lastReleaseVersion: 0.6.2

2
csharp/ql/src/experimental/dataflow/flowsources/AuthCookie.qll
View File

@@ -191,7 +191,7 @@ abstract private class OnAppendCookieTrackingConfig extends DataFlow::Configurat
override predicate isSink(DataFlow::Node sink) {
exists(PropertyWrite pw, Assignment a |
pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieOptions and
pw.getProperty().getName() = propertyName() and
pw.getProperty().getName() = this.propertyName() and
a.getLValue() = pw and
exists(Expr val |
DataFlow::localExprFlow(val, a.getRValue()) and

4
csharp/ql/src/experimental/ir/implementation/IRType.qll
View File

@@ -39,7 +39,7 @@ class IRType extends TIRType {
* Gets a string that uniquely identifies this `IRType`. This string is often the same as the
* result of `IRType.toString()`, but for some types it may be more verbose to ensure uniqueness.
*/
string getIdentityString() { result = toString() }
string getIdentityString() { result = this.toString() }
/**
* Gets the size of the type, in bytes, if known.
@@ -206,7 +206,7 @@ class IRFloatingPointType extends IRNumericType, TIRFloatingPointType {
IRFloatingPointType() { this = TIRFloatingPointType(_, base, domain) }
final override string toString() {
result = getDomainPrefix() + getBaseString() + byteSize.toString()
result = this.getDomainPrefix() + this.getBaseString() + byteSize.toString()
}
final override Language::LanguageType getCanonicalLanguageType() {

6
csharp/ql/src/experimental/ir/implementation/Opcode.qll
View File

@@ -135,11 +135,11 @@ class Opcode extends TOpcode {
* Holds if the instruction must have an operand with the specified `OperandTag`.
*/
final predicate hasOperand(OperandTag tag) {
hasOperandInternal(tag)
this.hasOperandInternal(tag)
or
hasAddressOperand() and tag instanceof AddressOperandTag
this.hasAddressOperand() and tag instanceof AddressOperandTag
or
hasBufferSizeOperand() and tag instanceof BufferSizeOperandTag
this.hasBufferSizeOperand() and tag instanceof BufferSizeOperandTag
}
/**

4
csharp/ql/src/experimental/ir/implementation/internal/OperandTag.qll
View File

@@ -40,7 +40,9 @@ abstract class OperandTag extends TOperandTag {
/**
* Gets a label that will appear before the operand when the IR is printed.
*/
final string getLabel() { if alwaysPrintLabel() then result = getId() + ":" else result = "" }
final string getLabel() {
if this.alwaysPrintLabel() then result = this.getId() + ":" else result = ""
}
/**
* Gets an identifier that uniquely identifies this operand within its instruction.

6
csharp/ql/src/experimental/ir/implementation/internal/TInstruction.qll
View File

@@ -73,9 +73,6 @@ module UnaliasedSsaInstructions {
}
}
/** DEPRECATED: Alias for UnaliasedSsaInstructions */
deprecated module UnaliasedSSAInstructions = UnaliasedSsaInstructions;
/**
* Provides wrappers for the constructors of each branch of `TInstruction` that is used by the
* aliased SSA stage.
@@ -107,6 +104,3 @@ module AliasedSsaInstructions {
result = TAliasedSsaUnreachedInstruction(irFunc)
}
}
/** DEPRECATED: Alias for AliasedSsaInstructions */
deprecated module AliasedSSAInstructions = AliasedSsaInstructions;

11
csharp/ql/src/experimental/ir/implementation/internal/TOperand.qll
View File

@@ -59,20 +59,12 @@ private module Shared {
class TNonSsaMemoryOperand = Internal::TNonSsaMemoryOperand;
/** DEPRECATED: Alias for TNonSsaMemoryOperand */
deprecated class TNonSSAMemoryOperand = TNonSsaMemoryOperand;
/**
* Returns the non-Phi memory operand with the specified parameters.
*/
TNonSsaMemoryOperand nonSsaMemoryOperand(TRawInstruction useInstr, MemoryOperandTag tag) {
result = Internal::TNonSsaMemoryOperand(useInstr, tag)
}
/** DEPRECATED: Alias for nonSsaMemoryOperand */
deprecated TNonSSAMemoryOperand nonSSAMemoryOperand(TRawInstruction useInstr, MemoryOperandTag tag) {
result = nonSsaMemoryOperand(useInstr, tag)
}
}
/**
@@ -156,6 +148,3 @@ module UnaliasedSsaOperands {
*/
TChiOperand chiOperand(Unaliased::Instruction useInstr, ChiOperandTag tag) { none() }
}
/** DEPRECATED: Alias for UnaliasedSsaOperands */
deprecated module UnaliasedSSAOperands = UnaliasedSsaOperands;

12
csharp/ql/src/experimental/ir/implementation/raw/IR.qll
View File

@@ -77,4 +77,16 @@ class IRPropertyProvider extends TIRPropertyProvider {
* Gets the value of the property named `key` for the specified operand.
*/
string getOperandProperty(Operand operand, string key) { none() }
/**
* Holds if the instruction `instr` should be included when printing
* the IR instructions.
*/
predicate shouldPrintInstruction(Instruction instr) { any() }
/**
* Holds if the operand `operand` should be included when printing the an
* instruction's operand list.
*/
predicate shouldPrintOperand(Operand operand) { any() }
}

4
csharp/ql/src/experimental/ir/implementation/raw/IRFunction.qll
View File

@@ -45,7 +45,9 @@ class IRFunction extends IRFunctionBase {
* Gets the block containing the entry point of this function.
*/
pragma[noinline]
final IRBlock getEntryBlock() { result.getFirstInstruction() = getEnterFunctionInstruction() }
final IRBlock getEntryBlock() {
result.getFirstInstruction() = this.getEnterFunctionInstruction()
}
/**
* Gets all instructions in this function.

25
csharp/ql/src/experimental/ir/implementation/raw/IRVariable.qll
View File

@@ -39,12 +39,12 @@ class IRVariable extends TIRVariable {
/**
* Gets the type of the variable.
*/
final Language::Type getType() { getLanguageType().hasType(result, false) }
final Language::Type getType() { this.getLanguageType().hasType(result, false) }
/**
* Gets the language-neutral type of the variable.
*/
final IRType getIRType() { result = getLanguageType().getIRType() }
final IRType getIRType() { result = this.getLanguageType().getIRType() }
/**
* Gets the type of the variable.
@@ -58,7 +58,7 @@ class IRVariable extends TIRVariable {
Language::AST getAst() { none() }
/** DEPRECATED: Alias for getAst */
deprecated Language::AST getAST() { result = getAst() }
deprecated Language::AST getAST() { result = this.getAst() }
/**
* Gets an identifier string for the variable. This identifier is unique
@@ -69,7 +69,7 @@ class IRVariable extends TIRVariable {
/**
* Gets the source location of this variable.
*/
final Language::Location getLocation() { result = getAst().getLocation() }
final Language::Location getLocation() { result = this.getAst().getLocation() }
/**
* Gets the IR for the function that references this variable.
@@ -91,15 +91,15 @@ class IRUserVariable extends IRVariable, TIRUserVariable {
IRUserVariable() { this = TIRUserVariable(var, type, func) }
final override string toString() { result = getVariable().toString() }
final override string toString() { result = this.getVariable().toString() }
final override Language::AST getAst() { result = var }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = getAst() }
deprecated override Language::AST getAST() { result = this.getAst() }
final override string getUniqueId() {
result = getVariable().toString() + " " + getVariable().getLocation().toString()
result = this.getVariable().toString() + " " + this.getVariable().getLocation().toString()
}
final override Language::LanguageType getLanguageType() { result = type }
@@ -166,9 +166,9 @@ class IRGeneratedVariable extends IRVariable {
final override Language::AST getAst() { result = ast }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = getAst() }
deprecated override Language::AST getAST() { result = this.getAst() }
override string toString() { result = getBaseString() + getLocationString() }
override string toString() { result = this.getBaseString() + this.getLocationString() }
override string getUniqueId() { none() }
@@ -272,7 +272,7 @@ class IRStringLiteral extends IRGeneratedVariable, TIRStringLiteral {
final override predicate isReadOnly() { any() }
final override string getUniqueId() {
result = "String: " + getLocationString() + "=" + Language::getStringLiteralText(literal)
result = "String: " + this.getLocationString() + "=" + Language::getStringLiteralText(literal)
}
final override string getBaseString() { result = "#string" }
@@ -303,7 +303,8 @@ class IRDynamicInitializationFlag extends IRGeneratedVariable, TIRDynamicInitial
final Language::Variable getVariable() { result = var }
final override string getUniqueId() {
result = "Init: " + getVariable().toString() + " " + getVariable().getLocation().toString()
result =
"Init: " + this.getVariable().toString() + " " + this.getVariable().getLocation().toString()
}
final override string getBaseString() { result = "#init:" + var.toString() + ":" }
@@ -332,5 +333,5 @@ class IRParameter extends IRAutomaticVariable {
* An IR variable representing a positional parameter.
*/
class IRPositionalParameter extends IRParameter, IRAutomaticUserVariable {
final override int getIndex() { result = getVariable().(Language::Parameter).getIndex() }
final override int getIndex() { result = this.getVariable().(Language::Parameter).getIndex() }
}

6
csharp/ql/src/experimental/ir/implementation/raw/Instruction.qll
View File

@@ -210,9 +210,6 @@ class Instruction extends Construction::TStageInstruction {
*/
final Language::AST getAst() { result = Construction::getInstructionAst(this) }
/** DEPRECATED: Alias for getAst */
deprecated Language::AST getAST() { result = this.getAst() }
/**
* Gets the location of the source code for this instruction.
*/
@@ -463,9 +460,6 @@ class VariableInstruction extends Instruction {
* Gets the AST variable that this instruction's IR variable refers to, if one exists.
*/
final Language::Variable getAstVariable() { result = var.(IRUserVariable).getVariable() }
/** DEPRECATED: Alias for getAstVariable */
deprecated Language::Variable getASTVariable() { result = this.getAstVariable() }
}
/**

27
csharp/ql/src/experimental/ir/implementation/raw/PrintIR.qll
View File

@@ -42,6 +42,14 @@ private predicate shouldPrintFunction(Language::Declaration decl) {
exists(PrintIRConfiguration config | config.shouldPrintFunction(decl))
}
private predicate shouldPrintInstruction(Instruction i) {
exists(IRPropertyProvider provider | provider.shouldPrintInstruction(i))
}
private predicate shouldPrintOperand(Operand operand) {
exists(IRPropertyProvider provider | provider.shouldPrintOperand(operand))
}
private string getAdditionalInstructionProperty(Instruction instr, string key) {
exists(IRPropertyProvider provider | result = provider.getInstructionProperty(instr, key))
}
@@ -84,7 +92,9 @@ private string getOperandPropertyString(Operand operand) {
private newtype TPrintableIRNode =
TPrintableIRFunction(IRFunction irFunc) { shouldPrintFunction(irFunc.getFunction()) } or
TPrintableIRBlock(IRBlock block) { shouldPrintFunction(block.getEnclosingFunction()) } or
TPrintableInstruction(Instruction instr) { shouldPrintFunction(instr.getEnclosingFunction()) }
TPrintableInstruction(Instruction instr) {
shouldPrintInstruction(instr) and shouldPrintFunction(instr.getEnclosingFunction())
}
/**
* A node to be emitted in the IR graph.
@@ -127,13 +137,13 @@ abstract private class PrintableIRNode extends TPrintableIRNode {
* Gets the value of the node property with the specified key.
*/
string getProperty(string key) {
key = "semmle.label" and result = getLabel()
key = "semmle.label" and result = this.getLabel()
or
key = "semmle.order" and result = getOrder().toString()
key = "semmle.order" and result = this.getOrder().toString()
or
key = "semmle.graphKind" and result = getGraphKind()
key = "semmle.graphKind" and result = this.getGraphKind()
or
key = "semmle.forceText" and forceText() and result = "true"
key = "semmle.forceText" and this.forceText() and result = "true"
}
}
@@ -178,7 +188,7 @@ private class PrintableIRBlock extends PrintableIRNode, TPrintableIRBlock {
PrintableIRBlock() { this = TPrintableIRBlock(block) }
override string toString() { result = getLabel() }
override string toString() { result = this.getLabel() }
override Language::Location getLocation() { result = block.getLocation() }
@@ -223,7 +233,7 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio
|
resultString = instr.getResultString() and
operationString = instr.getOperationString() and
operandsString = getOperandsString() and
operandsString = this.getOperandsString() and
columnWidths(block, resultWidth, operationWidth) and
result =
resultString + getPaddingString(resultWidth - resultString.length()) + " = " +
@@ -252,7 +262,8 @@ private class PrintableInstruction extends PrintableIRNode, TPrintableInstructio
private string getOperandsString() {
result =
concat(Operand operand |
operand = instr.getAnOperand()
operand = instr.getAnOperand() and
shouldPrintOperand(operand)
|
operand.getDumpString() + getOperandPropertyString(operand), ", "
order by

10
csharp/ql/src/experimental/ir/implementation/raw/gvn/ValueNumbering.qll
View File

@@ -7,17 +7,19 @@ private import internal.ValueNumberingImports
class ValueNumber extends TValueNumber {
final string toString() { result = "GVN" }
final string getDebugString() { result = strictconcat(getAnInstruction().getResultId(), ", ") }
final string getDebugString() {
result = strictconcat(this.getAnInstruction().getResultId(), ", ")
}
final Language::Location getLocation() {
if
exists(Instruction i |
i = getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation
i = this.getAnInstruction() and not i.getLocation() instanceof Language::UnknownLocation
)
then
result =
min(Language::Location l |
l = getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation
l = this.getAnInstruction().getLocation() and not l instanceof Language::UnknownLocation
|
l
order by
@@ -40,7 +42,7 @@ class ValueNumber extends TValueNumber {
final Instruction getExampleInstruction() {
result =
min(Instruction instr |
instr = getAnInstruction()
instr = this.getAnInstruction()
|
instr order by instr.getBlock().getDisplayIndex(), instr.getDisplayIndexInBlock()
)

6
csharp/ql/src/experimental/ir/implementation/raw/internal/IRConstruction.qll
View File

@@ -378,12 +378,6 @@ private module Cached {
result = getInstructionTranslatedElement(instruction).getAst()
}
/** DEPRECATED: Alias for getInstructionAst */
cached
deprecated Language::AST getInstructionAST(Instruction instruction) {
result = getInstructionAst(instruction)
}
cached
CSharpType getInstructionResultType(Instruction instruction) {
getInstructionTranslatedElement(instruction)

3
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedCondition.qll
View File

@@ -17,9 +17,6 @@ abstract class TranslatedCondition extends ConditionBase {
final override Language::AST getAst() { result = expr }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
final Expr getExpr() { result = expr }
final override Callable getFunction() { result = expr.getEnclosingCallable() }

3
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedDeclaration.qll
View File

@@ -30,9 +30,6 @@ abstract class TranslatedLocalDeclaration extends TranslatedElement, TTranslated
final override string toString() { result = expr.toString() }
final override Language::AST getAst() { result = expr }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
}
/**

3
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedElement.qll
View File

@@ -366,9 +366,6 @@ abstract class TranslatedElement extends TTranslatedElement {
*/
abstract Language::AST getAst();
/** DEPRECATED: Alias for getAst */
deprecated Language::AST getAST() { result = this.getAst() }
/**
* Get the first instruction to be executed in the evaluation of this element.
*/

3
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedExpr.qll
View File

@@ -63,9 +63,6 @@ abstract class TranslatedExpr extends TranslatedExprBase {
final override Language::AST getAst() { result = expr }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
final override Callable getFunction() { result = expr.getEnclosingCallable() }
/**

6
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedFunction.qll
View File

@@ -30,9 +30,6 @@ class TranslatedFunction extends TranslatedElement, TTranslatedFunction {
final override Language::AST getAst() { result = callable }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
/**
* Gets the function being translated.
*/
@@ -287,9 +284,6 @@ class TranslatedParameter extends TranslatedElement, TTranslatedParameter {
final override Language::AST getAst() { result = param }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
final override Callable getFunction() { result = param.getCallable() }
final override Instruction getFirstInstruction() {

9
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedInitialization.qll
View File

@@ -52,9 +52,6 @@ abstract class TranslatedInitialization extends TranslatedElement, TTranslatedIn
final override Language::AST getAst() { result = expr }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
/**
* Gets the expression that is doing the initialization.
*/
@@ -210,9 +207,6 @@ abstract class TranslatedElementInitialization extends TranslatedElement {
final override Language::AST getAst() { result = initList }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
final override Callable getFunction() { result = initList.getEnclosingCallable() }
final override Instruction getFirstInstruction() {
@@ -319,9 +313,6 @@ abstract class TranslatedConstructorCallFromConstructor extends TranslatedElemen
final override Language::AST getAst() { result = call }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
final override TranslatedElement getChild(int id) {
id = 0 and result = this.getConstructorCall()
}

3
csharp/ql/src/experimental/ir/implementation/raw/internal/TranslatedStmt.qll
View File

@@ -26,9 +26,6 @@ abstract class TranslatedStmt extends TranslatedElement, TTranslatedStmt {
final override Language::AST getAst() { result = stmt }
/** DEPRECATED: Alias for getAst */
deprecated override Language::AST getAST() { result = this.getAst() }
final override Callable getFunction() { result = stmt.getEnclosingCallable() }
}

66
csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedCallBase.qll
View File

@@ -21,26 +21,26 @@ abstract class TranslatedCallBase extends TranslatedElement {
// though the `this` argument exists and is the result of the instruction
// that allocated the new object. For those calls, `getQualifier()` should
// be void.
id = -1 and result = getQualifier()
id = -1 and result = this.getQualifier()
or
result = getArgument(id)
result = this.getArgument(id)
}
final override Instruction getFirstInstruction() {
if exists(getQualifier())
then result = getQualifier().getFirstInstruction()
else result = getInstruction(CallTargetTag())
if exists(this.getQualifier())
then result = this.getQualifier().getFirstInstruction()
else result = this.getInstruction(CallTargetTag())
}
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) {
tag = CallTag() and
opcode instanceof Opcode::Call and
resultType = getTypeForPRValue(getCallResultType())
resultType = getTypeForPRValue(this.getCallResultType())
or
hasSideEffect() and
this.hasSideEffect() and
tag = CallSideEffectTag() and
(
if hasWriteSideEffect()
if this.hasWriteSideEffect()
then (
opcode instanceof Opcode::CallSideEffect and
resultType = getUnknownType()
@@ -58,14 +58,14 @@ abstract class TranslatedCallBase extends TranslatedElement {
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = getQualifier() and
result = getInstruction(CallTargetTag())
child = this.getQualifier() and
result = this.getInstruction(CallTargetTag())
or
exists(int argIndex |
child = getArgument(argIndex) and
if exists(getArgument(argIndex + 1))
then result = getArgument(argIndex + 1).getFirstInstruction()
else result = getInstruction(CallTag())
child = this.getArgument(argIndex) and
if exists(this.getArgument(argIndex + 1))
then result = this.getArgument(argIndex + 1).getFirstInstruction()
else result = this.getInstruction(CallTag())
)
}
@@ -74,18 +74,18 @@ abstract class TranslatedCallBase extends TranslatedElement {
(
(
tag = CallTag() and
if hasSideEffect()
then result = getInstruction(CallSideEffectTag())
else result = getParent().getChildSuccessor(this)
if this.hasSideEffect()
then result = this.getInstruction(CallSideEffectTag())
else result = this.getParent().getChildSuccessor(this)
)
or
hasSideEffect() and
this.hasSideEffect() and
tag = CallSideEffectTag() and
result = getParent().getChildSuccessor(this)
result = this.getParent().getChildSuccessor(this)
or
tag = CallTargetTag() and
kind instanceof GotoEdge and
result = getFirstArgumentOrCallInstruction()
result = this.getFirstArgumentOrCallInstruction()
)
}
@@ -93,26 +93,26 @@ abstract class TranslatedCallBase extends TranslatedElement {
tag = CallTag() and
(
operandTag instanceof CallTargetOperandTag and
result = getInstruction(CallTargetTag())
result = this.getInstruction(CallTargetTag())
or
operandTag instanceof ThisArgumentOperandTag and
result = getQualifierResult()
result = this.getQualifierResult()
or
exists(PositionalArgumentOperandTag argTag |
argTag = operandTag and
result = getArgument(argTag.getArgIndex()).getResult()
result = this.getArgument(argTag.getArgIndex()).getResult()
)
)
}
final override CSharpType getInstructionOperandType(InstructionTag tag, TypedOperandTag operandTag) {
tag = CallSideEffectTag() and
hasSideEffect() and
this.hasSideEffect() and
operandTag instanceof SideEffectOperandTag and
result = getUnknownType()
}
Instruction getResult() { result = getInstruction(CallTag()) }
Instruction getResult() { result = this.getInstruction(CallTag()) }
/**
* Gets the result type of the call.
@@ -122,7 +122,7 @@ abstract class TranslatedCallBase extends TranslatedElement {
/**
* Holds if the call has a `this` argument.
*/
predicate hasQualifier() { exists(getQualifier()) }
predicate hasQualifier() { exists(this.getQualifier()) }
/**
* Gets the expr for the qualifier of the call.
@@ -150,25 +150,25 @@ abstract class TranslatedCallBase extends TranslatedElement {
* argument. Otherwise, returns the call instruction.
*/
final Instruction getFirstArgumentOrCallInstruction() {
if hasArguments()
then result = getArgument(0).getFirstInstruction()
else result = getInstruction(CallTag())
if this.hasArguments()
then result = this.getArgument(0).getFirstInstruction()
else result = this.getInstruction(CallTag())
}
/**
* Holds if the call has any arguments, not counting the `this` argument.
*/
final predicate hasArguments() { exists(getArgument(0)) }
final predicate hasArguments() { exists(this.getArgument(0)) }
predicate hasReadSideEffect() { any() }
predicate hasWriteSideEffect() { any() }
private predicate hasSideEffect() { hasReadSideEffect() or hasWriteSideEffect() }
private predicate hasSideEffect() { this.hasReadSideEffect() or this.hasWriteSideEffect() }
override Instruction getPrimaryInstructionForSideEffect(InstructionTag tag) {
hasSideEffect() and
this.hasSideEffect() and
tag = CallSideEffectTag() and
result = getResult()
result = this.getResult()
}
}

16
csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedConditionBase.qll
View File

@@ -27,7 +27,7 @@ abstract class ConditionContext extends TranslatedElement {
* and the compiler generated ones (captures the common patterns).
*/
abstract class ConditionBase extends TranslatedElement {
final ConditionContext getConditionContext() { result = getParent() }
final ConditionContext getConditionContext() { result = this.getParent() }
}
/**
@@ -35,9 +35,9 @@ abstract class ConditionBase extends TranslatedElement {
* and the compiler generated ones (captures the common patterns).
*/
abstract class ValueConditionBase extends ConditionBase {
override TranslatedElement getChild(int id) { id = 0 and result = getValueExpr() }
override TranslatedElement getChild(int id) { id = 0 and result = this.getValueExpr() }
override Instruction getFirstInstruction() { result = getValueExpr().getFirstInstruction() }
override Instruction getFirstInstruction() { result = this.getValueExpr().getFirstInstruction() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) {
tag = ValueConditionConditionalBranchTag() and
@@ -46,25 +46,25 @@ abstract class ValueConditionBase extends ConditionBase {
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = getValueExpr() and
result = getInstruction(ValueConditionConditionalBranchTag())
child = this.getValueExpr() and
result = this.getInstruction(ValueConditionConditionalBranchTag())
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
tag = ValueConditionConditionalBranchTag() and
(
kind instanceof TrueEdge and
result = getConditionContext().getChildTrueSuccessor(this)
result = this.getConditionContext().getChildTrueSuccessor(this)
or
kind instanceof FalseEdge and
result = getConditionContext().getChildFalseSuccessor(this)
result = this.getConditionContext().getChildFalseSuccessor(this)
)
}
override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) {
tag = ValueConditionConditionalBranchTag() and
operandTag instanceof ConditionOperandTag and
result = valueExprResult()
result = this.valueExprResult()
}
/**

34
csharp/ql/src/experimental/ir/implementation/raw/internal/common/TranslatedDeclarationBase.qll
View File

@@ -15,49 +15,49 @@ private import experimental.ir.internal.CSharpType
private import experimental.ir.internal.IRCSharpLanguage as Language
abstract class LocalVariableDeclarationBase extends TranslatedElement {
override TranslatedElement getChild(int id) { id = 0 and result = getInitialization() }
override TranslatedElement getChild(int id) { id = 0 and result = this.getInitialization() }
override Instruction getFirstInstruction() { result = getVarAddress() }
override Instruction getFirstInstruction() { result = this.getVarAddress() }
override predicate hasInstruction(Opcode opcode, InstructionTag tag, CSharpType resultType) {
tag = InitializerVariableAddressTag() and
opcode instanceof Opcode::VariableAddress and
resultType = getTypeForGLValue(getVarType())
resultType = getTypeForGLValue(this.getVarType())
or
hasUninitializedInstruction() and
this.hasUninitializedInstruction() and
tag = InitializerStoreTag() and
opcode instanceof Opcode::Uninitialized and
resultType = getTypeForPRValue(getVarType())
resultType = getTypeForPRValue(this.getVarType())
}
override Instruction getInstructionSuccessor(InstructionTag tag, EdgeKind kind) {
(
tag = InitializerVariableAddressTag() and
kind instanceof GotoEdge and
if hasUninitializedInstruction()
then result = getInstruction(InitializerStoreTag())
else result = getInitialization().getFirstInstruction()
if this.hasUninitializedInstruction()
then result = this.getInstruction(InitializerStoreTag())
else result = this.getInitialization().getFirstInstruction()
)
or
hasUninitializedInstruction() and
this.hasUninitializedInstruction() and
kind instanceof GotoEdge and
tag = InitializerStoreTag() and
(
result = getInitialization().getFirstInstruction()
result = this.getInitialization().getFirstInstruction()
or
not exists(getInitialization()) and result = getParent().getChildSuccessor(this)
not exists(this.getInitialization()) and result = this.getParent().getChildSuccessor(this)
)
}
override Instruction getChildSuccessor(TranslatedElement child) {
child = getInitialization() and result = getParent().getChildSuccessor(this)
child = this.getInitialization() and result = this.getParent().getChildSuccessor(this)
}
override Instruction getInstructionOperand(InstructionTag tag, OperandTag operandTag) {
hasUninitializedInstruction() and
this.hasUninitializedInstruction() and
tag = InitializerStoreTag() and
operandTag instanceof AddressOperandTag and
result = getVarAddress()
result = this.getVarAddress()
}
/**
@@ -67,11 +67,11 @@ abstract class LocalVariableDeclarationBase extends TranslatedElement {
* desugaring process.
*/
predicate hasUninitializedInstruction() {
not exists(getInitialization()) or
getInitialization() instanceof TranslatedListInitialization
not exists(this.getInitialization()) or
this.getInitialization() instanceof TranslatedListInitialization
}
Instruction getVarAddress() { result = getInstruction(InitializerVariableAddressTag()) }
Instruction getVarAddress() { result = this.getInstruction(InitializerVariableAddressTag()) }
/**
* Gets the declared variable. For compiler generated elements, this

Some files were not shown because too many files have changed in this diff Show More