C#: Align telemetry implementation with Java.

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/AllSinks.qll

@@ -1,84 +0,0 @@
-/** Provides classes representing various flow sinks for data flow / taint tracking. */
-
-private import semmle.code.csharp.dataflow.internal.ExternalFlow
-
-/**
- * A data flow sink node.
- */
-abstract class SinkNode extends DataFlow::Node { }
-
-/**
- * Module that adds all sinks to `SinkNode`, excluding sinks for cryptography based
- * queries, and queries where sinks are not succifiently explicit.
- */
-private module AllSinks {
-  private import ParallelSink as ParallelSink
-  private import Remote as Remote
-  private import semmle.code.csharp.security.dataflow.CodeInjectionQuery as CodeInjectionQuery
-  private import semmle.code.csharp.security.dataflow.ConditionalBypassQuery as ConditionalBypassQuery
-  private import semmle.code.csharp.security.dataflow.ExposureOfPrivateInformationQuery as ExposureOfPrivateInformationQuery
-  private import semmle.code.csharp.security.dataflow.HardcodedCredentialsQuery as HardcodedCredentialsQuery
-  private import semmle.code.csharp.security.dataflow.LDAPInjectionQuery as LdapInjectionQuery
-  private import semmle.code.csharp.security.dataflow.LogForgingQuery as LogForgingQuery
-  private import semmle.code.csharp.security.dataflow.MissingXMLValidationQuery as MissingXmlValidationQuery
-  private import semmle.code.csharp.security.dataflow.ReDoSQuery as ReDosQuery
-  private import semmle.code.csharp.security.dataflow.RegexInjectionQuery as RegexInjectionQuery
-  private import semmle.code.csharp.security.dataflow.ResourceInjectionQuery as ResourceInjectionQuery
-  private import semmle.code.csharp.security.dataflow.SqlInjectionQuery as SqlInjectionQuery
-  private import semmle.code.csharp.security.dataflow.TaintedPathQuery as TaintedPathQuery
-  private import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery as UnsafeDeserializationQuery
-  private import semmle.code.csharp.security.dataflow.UrlRedirectQuery as UrlRedirectQuery
-  private import semmle.code.csharp.security.dataflow.XMLEntityInjectionQuery as XmlEntityInjectionQuery
-  private import semmle.code.csharp.security.dataflow.XPathInjectionQuery as XpathInjectionQuery
-  private import semmle.code.csharp.security.dataflow.XSSSinks as XssSinks
-  private import semmle.code.csharp.security.dataflow.ZipSlipQuery as ZipSlipQuery
-
-  private class ParallelSink extends SinkNode instanceof ParallelSink::ParallelSink { }
-
-  private class RemoteSinkFlowSinks extends SinkNode instanceof Remote::RemoteFlowSink { }
-
-  private class CodeInjectionSink extends SinkNode instanceof CodeInjectionQuery::Sink { }
-
-  private class ConditionalBypassSink extends SinkNode instanceof ConditionalBypassQuery::Sink { }
-
-  private class ExposureOfPrivateInformationSink extends SinkNode instanceof ExposureOfPrivateInformationQuery::Sink
-  { }
-
-  private class HardcodedCredentialsSink extends SinkNode instanceof HardcodedCredentialsQuery::Sink
-  { }
-
-  private class LdapInjectionSink extends SinkNode instanceof LdapInjectionQuery::Sink { }
-
-  private class LogForgingSink extends SinkNode instanceof LogForgingQuery::Sink { }
-
-  private class MissingXmlValidationSink extends SinkNode instanceof MissingXmlValidationQuery::Sink
-  { }
-
-  private class ReDosSink extends SinkNode instanceof ReDosQuery::Sink { }
-
-  private class RegexInjectionSink extends SinkNode instanceof RegexInjectionQuery::Sink { }
-
-  private class ResourceInjectionSink extends SinkNode instanceof ResourceInjectionQuery::Sink { }
-
-  private class SqlInjectionSink extends SinkNode instanceof SqlInjectionQuery::Sink { }
-
-  private class TaintedPathSink extends SinkNode instanceof TaintedPathQuery::Sink { }
-
-  private class UnsafeDeserializationSink extends SinkNode instanceof UnsafeDeserializationQuery::Sink
-  { }
-
-  private class UrlRedirectSink extends SinkNode instanceof UrlRedirectQuery::Sink { }
-
-  private class XmlEntityInjectionSink extends SinkNode instanceof XmlEntityInjectionQuery::Sink { }
-
-  private class XpathInjectionSink extends SinkNode instanceof XpathInjectionQuery::Sink { }
-
-  private class XssSink extends SinkNode instanceof XssSinks::Sink { }
-
-  /**
-   * Add all models as data sinks.
-   */
-  private class SinkNodeExternal extends SinkNode {
-    SinkNodeExternal() { sinkNode(this, _) }
-  }
-}

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ApiSinks.qll

@@ -0,0 +1,35 @@
+/** Provides classes representing various flow sinks for data flow / taint tracking. */
+
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
+
+/**
+ * A data flow sink node.
+ */
+final class SinkNode = ApiSinkNode;
+
+/**
+ * Module that adds all API like sinks to `SinkNode`, excluding sinks for cryptography based
+ * queries, and queries where sinks are not succifiently defined (eg. using broad method name matching).
+ */
+private module AllApiSinks {
+  private import ParallelSink
+  private import Remote
+  private import semmle.code.csharp.security.dataflow.CodeInjectionQuery as CodeInjectionQuery
+  private import semmle.code.csharp.security.dataflow.ConditionalBypassQuery as ConditionalBypassQuery
+  private import semmle.code.csharp.security.dataflow.ExposureOfPrivateInformationQuery as ExposureOfPrivateInformationQuery
+  private import semmle.code.csharp.security.dataflow.HardcodedCredentialsQuery as HardcodedCredentialsQuery
+  private import semmle.code.csharp.security.dataflow.LDAPInjectionQuery as LdapInjectionQuery
+  private import semmle.code.csharp.security.dataflow.LogForgingQuery as LogForgingQuery
+  private import semmle.code.csharp.security.dataflow.MissingXMLValidationQuery as MissingXmlValidationQuery
+  private import semmle.code.csharp.security.dataflow.ReDoSQuery as ReDosQuery
+  private import semmle.code.csharp.security.dataflow.RegexInjectionQuery as RegexInjectionQuery
+  private import semmle.code.csharp.security.dataflow.ResourceInjectionQuery as ResourceInjectionQuery
+  private import semmle.code.csharp.security.dataflow.SqlInjectionQuery as SqlInjectionQuery
+  private import semmle.code.csharp.security.dataflow.TaintedPathQuery as TaintedPathQuery
+  private import semmle.code.csharp.security.dataflow.UnsafeDeserializationQuery as UnsafeDeserializationQuery
+  private import semmle.code.csharp.security.dataflow.UrlRedirectQuery as UrlRedirectQuery
+  private import semmle.code.csharp.security.dataflow.XMLEntityInjectionQuery as XmlEntityInjectionQuery
+  private import semmle.code.csharp.security.dataflow.XPathInjectionQuery as XpathInjectionQuery
+  private import semmle.code.csharp.security.dataflow.ZipSlipQuery as ZipSlipQuery
+}

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import FlowSinks
 private import Remote
 private import semmle.code.csharp.commons.Loggers
 private import semmle.code.csharp.frameworks.system.Web
@@ -16,7 +17,7 @@ private import semmle.code.csharp.dataflow.internal.ExternalFlow
  * which the application may have no access control. For example, files on a local or remote
  * filesystem (including log files and cookies).
  */
-abstract class ExternalLocationSink extends DataFlow::ExprNode { }
+abstract class ExternalLocationSink extends ApiSinkExprNode { }
 
 private class ExternalModelSink extends ExternalLocationSink {
   ExternalModelSink() { sinkNode(this, "file-content-store") }

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/FlowSinks.qll

@@ -0,0 +1,23 @@
+/** Provides classes representing various flow sinks for data flow / taint tracking. */
+
+private import csharp
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
+
+/**
+ * A data flow sink node for an API, which should be considered
+ * supported from a modeling perspective.
+ */
+abstract class ApiSinkNode extends DataFlow::Node { }
+
+/**
+ * A data flow sink expression node for an API, which should be considered
+ * supported from a modeling perspective.
+ */
+abstract class ApiSinkExprNode extends ApiSinkNode, DataFlow::ExprNode { }
+
+/**
+ * Add all sink models as data sinks.
+ */
+private class ApiSinkNodeExternal extends ApiSinkNode {
+  ApiSinkNodeExternal() { sinkNode(this, _) }
+}

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/ParallelSink.qll

@@ -3,11 +3,12 @@
  */
 
 import csharp
+private import FlowSinks
 
 /**
  * A data flow sink node for parallel execution.
  */
-abstract class ParallelSink extends DataFlow::Node { }
+abstract class ParallelSink extends ApiSinkNode { }
 
 /**
  * A data flow sink node for lambda parallel sink.

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll

@@ -5,12 +5,13 @@
 import csharp
 private import Email::Email
 private import ExternalLocationSink
+private import FlowSinks
 private import Html
 private import semmle.code.csharp.security.dataflow.XSSSinks as XssSinks
 private import semmle.code.csharp.frameworks.system.web.UI
 
 /** A data flow sink of remote user output. */
-abstract class RemoteFlowSink extends DataFlow::Node { }
+abstract class RemoteFlowSink extends ApiSinkNode { }
 
 /**
  * A value written to the `[Inner]Text` property of an object defined in the