C#: Restrict FormatInvalid.ql and UncontrolledFormatString.ql to calls with insertions

csharp/ql/src/API Abuse/FormatInvalid.ql

@@ -14,5 +14,7 @@ import semmle.code.csharp.frameworks.Format
 import FormatFlow
 
 from FormatCall s, InvalidFormatString src, PathNode source, PathNode sink
-where hasFlowPath(src, source, s, sink)
+where
+  hasFlowPath(src, source, s, sink) and
+  s.hasInsertions()
 select src, source, sink, "Invalid format string used in $@ formatting call.", s, "this"

csharp/ql/src/API Abuse/FormatInvalidBad.cs

@@ -4,6 +4,6 @@ class Bad
 {
     string GenerateEmptyClass(string c)
     {
-        return string.Format("class {0} { }");
+        return string.Format("class {0} { }", "C");
     }
 }