C#: Add some more constructor dataflow tests.

csharp/ql/test/library-tests/dataflow/constructors/ConstructorFlow.expected

@@ -1,4 +1,8 @@
 testFailures
+| Constructors.cs:70:25:70:43 | // ... | Missing result:hasValueFlow=2 |
+| Constructors.cs:71:25:71:43 | // ... | Missing result:hasValueFlow=3 |
+| Constructors.cs:72:25:72:43 | // ... | Missing result:hasValueFlow=2 |
+| Constructors.cs:83:25:83:43 | // ... | Missing result:hasValueFlow=4 |
 edges
 | Constructors.cs:5:24:5:25 | [post] this access : C_no_ctor [field s1] : Object | Constructors.cs:9:27:9:41 | object creation of type C_no_ctor : C_no_ctor [field s1] : Object |
 | Constructors.cs:5:24:5:25 | [post] this access : C_no_ctor [field s1] : Object | Constructors.cs:9:27:9:41 | object creation of type C_no_ctor : C_no_ctor [field s1] : Object |
@@ -24,6 +28,20 @@ edges
 | Constructors.cs:31:21:31:22 | this : C_with_ctor [field s1] : Object | Constructors.cs:33:18:33:19 | this access : C_with_ctor [field s1] : Object |
 | Constructors.cs:33:18:33:19 | this access : C_with_ctor [field s1] : Object | Constructors.cs:33:18:33:19 | access to field s1 |
 | Constructors.cs:33:18:33:19 | this access : C_with_ctor [field s1] : Object | Constructors.cs:33:18:33:19 | access to field s1 |
+| Constructors.cs:41:26:41:26 | o : Object | Constructors.cs:41:38:41:38 | access to parameter o : Object |
+| Constructors.cs:41:26:41:26 | o : Object | Constructors.cs:41:38:41:38 | access to parameter o : Object |
+| Constructors.cs:41:38:41:38 | access to parameter o : Object | Constructors.cs:41:32:41:34 | [post] this access : C1 [field Obj] : Object |
+| Constructors.cs:41:38:41:38 | access to parameter o : Object | Constructors.cs:41:32:41:34 | [post] this access : C1 [field Obj] : Object |
+| Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | Constructors.cs:61:25:61:25 | access to local variable o : Object |
+| Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | Constructors.cs:61:25:61:25 | access to local variable o : Object |
+| Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object | Constructors.cs:62:14:62:15 | access to local variable c1 : C1 [field Obj] : Object |
+| Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object | Constructors.cs:62:14:62:15 | access to local variable c1 : C1 [field Obj] : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | Constructors.cs:41:26:41:26 | o : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | Constructors.cs:41:26:41:26 | o : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object |
+| Constructors.cs:62:14:62:15 | access to local variable c1 : C1 [field Obj] : Object | Constructors.cs:62:14:62:19 | access to field Obj |
+| Constructors.cs:62:14:62:15 | access to local variable c1 : C1 [field Obj] : Object | Constructors.cs:62:14:62:19 | access to field Obj |
 nodes
 | Constructors.cs:5:24:5:25 | [post] this access : C_no_ctor [field s1] : Object | semmle.label | [post] this access : C_no_ctor [field s1] : Object |
 | Constructors.cs:5:24:5:25 | [post] this access : C_no_ctor [field s1] : Object | semmle.label | [post] this access : C_no_ctor [field s1] : Object |
@@ -53,9 +71,29 @@ nodes
 | Constructors.cs:33:18:33:19 | access to field s1 | semmle.label | access to field s1 |
 | Constructors.cs:33:18:33:19 | this access : C_with_ctor [field s1] : Object | semmle.label | this access : C_with_ctor [field s1] : Object |
 | Constructors.cs:33:18:33:19 | this access : C_with_ctor [field s1] : Object | semmle.label | this access : C_with_ctor [field s1] : Object |
+| Constructors.cs:41:26:41:26 | o : Object | semmle.label | o : Object |
+| Constructors.cs:41:26:41:26 | o : Object | semmle.label | o : Object |
+| Constructors.cs:41:32:41:34 | [post] this access : C1 [field Obj] : Object | semmle.label | [post] this access : C1 [field Obj] : Object |
+| Constructors.cs:41:32:41:34 | [post] this access : C1 [field Obj] : Object | semmle.label | [post] this access : C1 [field Obj] : Object |
+| Constructors.cs:41:38:41:38 | access to parameter o : Object | semmle.label | access to parameter o : Object |
+| Constructors.cs:41:38:41:38 | access to parameter o : Object | semmle.label | access to parameter o : Object |
+| Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
+| Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | semmle.label | call to method Source<Object> : Object |
+| Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object | semmle.label | object creation of type C1 : C1 [field Obj] : Object |
+| Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object | semmle.label | object creation of type C1 : C1 [field Obj] : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | semmle.label | access to local variable o : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | semmle.label | access to local variable o : Object |
+| Constructors.cs:62:14:62:15 | access to local variable c1 : C1 [field Obj] : Object | semmle.label | access to local variable c1 : C1 [field Obj] : Object |
+| Constructors.cs:62:14:62:15 | access to local variable c1 : C1 [field Obj] : Object | semmle.label | access to local variable c1 : C1 [field Obj] : Object |
+| Constructors.cs:62:14:62:19 | access to field Obj | semmle.label | access to field Obj |
+| Constructors.cs:62:14:62:19 | access to field Obj | semmle.label | access to field Obj |
 subpaths
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | Constructors.cs:41:26:41:26 | o : Object | Constructors.cs:41:32:41:34 | [post] this access : C1 [field Obj] : Object | Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object |
+| Constructors.cs:61:25:61:25 | access to local variable o : Object | Constructors.cs:41:26:41:26 | o : Object | Constructors.cs:41:32:41:34 | [post] this access : C1 [field Obj] : Object | Constructors.cs:61:18:61:26 | object creation of type C1 : C1 [field Obj] : Object |
 #select
 | Constructors.cs:15:18:15:19 | access to field s1 | Constructors.cs:5:29:5:45 | call to method Source<Object> : Object | Constructors.cs:15:18:15:19 | access to field s1 | $@ | Constructors.cs:5:29:5:45 | call to method Source<Object> : Object | call to method Source<Object> : Object |
 | Constructors.cs:15:18:15:19 | access to field s1 | Constructors.cs:5:29:5:45 | call to method Source<Object> : Object | Constructors.cs:15:18:15:19 | access to field s1 | $@ | Constructors.cs:5:29:5:45 | call to method Source<Object> : Object | call to method Source<Object> : Object |
 | Constructors.cs:33:18:33:19 | access to field s1 | Constructors.cs:21:29:21:45 | call to method Source<Object> : Object | Constructors.cs:33:18:33:19 | access to field s1 | $@ | Constructors.cs:21:29:21:45 | call to method Source<Object> : Object | call to method Source<Object> : Object |
 | Constructors.cs:33:18:33:19 | access to field s1 | Constructors.cs:21:29:21:45 | call to method Source<Object> : Object | Constructors.cs:33:18:33:19 | access to field s1 | $@ | Constructors.cs:21:29:21:45 | call to method Source<Object> : Object | call to method Source<Object> : Object |
+| Constructors.cs:62:14:62:19 | access to field Obj | Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | Constructors.cs:62:14:62:19 | access to field Obj | $@ | Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |
+| Constructors.cs:62:14:62:19 | access to field Obj | Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | Constructors.cs:62:14:62:19 | access to field Obj | $@ | Constructors.cs:60:17:60:33 | call to method Source<Object> : Object | call to method Source<Object> : Object |

csharp/ql/test/library-tests/dataflow/constructors/Constructors.cs

@@ -34,6 +34,55 @@ public class Constructors
         }
     }
 
+    public class C1
+    {
+        public object Obj;
+
+        public C1(object o) => Obj = o;
+    }
+
+    public class C2(object o21param, object o22param)
+    {
+        public object Obj21 = o21param;
+
+        public object Obj22 => o22param;
+
+        public object Obj23 => Obj21;
+
+        public void SetObj(object o)
+        {
+            o22param = o;
+        }
+    }
+
+    public void M1()
+    {
+        var o = Source<object>(1);
+        var c1 = new C1(o);
+        Sink(c1.Obj); // $ hasValueFlow=1
+    }
+
+    public void M2()
+    {
+        var o21 = Source<object>(2);
+        var o22 = Source<object>(3);
+        var c2 = new C2(o21, o22);
+        Sink(c2.Obj21); // $ hasValueFlow=2
+        Sink(c2.Obj22); // $ hasValueFlow=3
+        Sink(c2.Obj23); // $ hasValueFlow=2
+    }
+
+    public void M3()
+    {
+        var c2 = new C2(new object(), new object());
+        Sink(c2.Obj21); // No flow
+        Sink(c2.Obj22); // No flow
+        Sink(c2.Obj23); // No flow
+        var taint = Source<object>(4);
+        c2.SetObj(taint);
+        Sink(c2.Obj22); // $ hasValueFlow=4
+    }
+
     public static void Sink(object o) { }
 
     public static T Source<T>(object source) => throw null;