C#: Add test for CaptureSinkModel query.

michaelnebel · michaelnebel · commit 6194d5cf6376 · 2022-03-29T11:07:57.000+02:00
diff --git a/csharp/ql/test/utils/model-generator/CaptureSinkModels.expected b/csharp/ql/test/utils/model-generator/CaptureSinkModels.expected
@@ -0,0 +1,3 @@
+| Sinks;NewSinks;false;WrapFieldResponseWriteFile;();Argument[Qualifier];html |
+| Sinks;NewSinks;false;WrapResponseWrite;(System.Object);Argument[0];html |
+| Sinks;NewSinks;false;WrapResponseWriteFile;(System.String);Argument[0];html |
diff --git a/csharp/ql/test/utils/model-generator/CaptureSinkModels.qlref b/csharp/ql/test/utils/model-generator/CaptureSinkModels.qlref
@@ -0,0 +1 @@
+utils/model-generator/CaptureSinkModels.ql
diff --git a/csharp/ql/test/utils/model-generator/Sinks.cs b/csharp/ql/test/utils/model-generator/Sinks.cs
@@ -0,0 +1,38 @@
+using System;
+using System.Web;
+
+namespace Sinks;
+
+public class NewSinks
+{
+    private string tainted;
+
+    // New sink
+    public void WrapResponseWrite(object o)
+    {
+        var response = new HttpResponse();
+        response.Write(o);
+    }
+
+    // NOT new sink as method is private
+    private void PrivateWrapResponseWrite(object o)
+    {
+        var response = new HttpResponse();
+        response.Write(o);
+    }
+
+    // New sink
+    public void WrapResponseWriteFile(string s)
+    {
+        var response = new HttpResponse();
+        response.WriteFile(s);
+    }
+
+    // New sink
+    public void WrapFieldResponseWriteFile()
+    {
+        var response = new HttpResponse();
+        response.WriteFile(tainted);
+    }
+
+}
diff --git a/csharp/ql/test/utils/model-generator/options b/csharp/ql/test/utils/model-generator/options
@@ -1 +1,2 @@
-semmle-extractor-options: /r:System.Linq.dll 
+semmle-extractor-options: /r:System.Linq.dll /r:System.Collections.Specialized.dll
+semmle-extractor-options: ${testdir}/../../resources/stubs/System.Web.cs

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+\| Sinks;NewSinks;false;WrapFieldResponseWriteFile;();Argument[Qualifier];html \|`
	`2`	`+\| Sinks;NewSinks;false;WrapResponseWrite;(System.Object);Argument[0];html \|`
	`3`	`+\| Sinks;NewSinks;false;WrapResponseWriteFile;(System.String);Argument[0];html \|`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+utils/model-generator/CaptureSinkModels.ql`
Original file line number	Diff line number	Diff line change
`@@ -1 +1,2 @@`
`1`		`-semmle-extractor-options: /r:System.Linq.dll`
	`1`	`+semmle-extractor-options: /r:System.Linq.dll /r:System.Collections.Specialized.dll`
	`2`	`+semmle-extractor-options: ${testdir}/../../resources/stubs/System.Web.cs`