C#: Fix whitespaces

hvitved · hvitved · commit 67e64f21d87f · 2018-11-07T08:52:38.000+01:00
diff --git a/csharp/fix-whitespaces.sh b/csharp/fix-whitespaces.sh
@@ -8,7 +8,7 @@ cat > "$BASEDIR/reformat.vim" <<"EOF"
 :wq
 EOF
 
-find "$BASEDIR" \( -name "*.ql" -or -name "*.qll" -or -name "*.csv" \) -exec vim -u /dev/null -s reformat.vim {} \;
+find "$BASEDIR" \( -name "*.ql" -or -name "*.qll" -or -name "*.csv" -or -name "*.config" \) -exec vim -u /dev/null -s reformat.vim {} \;
 
 cat > reformat.vim <<"EOF"
 :set ff=unix ts=4 et
diff --git a/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.config b/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.config
@@ -6,36 +6,35 @@
 
     <appSettings>
         <add key="service-dir" value="/opt/deki/bin" />
-	<add key="root-uri" value="http://localhost/@api" />
+        <add key="root-uri" value="http://localhost/@api" />
         <add key="apikey" value="12345" />
         <add key="script" value="/opt/deki/bin/mindtouch.deki.startup.xml" />
     </appSettings>
-    
+
     <connectionStrings>
-  		<add name="connectionstring" providerName="System.Data.SqlClient"
-  			 connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;pwd= ;" /> <!-- VIOLATION -->
-  		<add name="connectionstring2" providerName="System.Data.SqlClient"
-  			 connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;password = whatever;" /> <!-- NON-VIOLATION -->
- 	</connectionStrings>
+      <add name="connectionstring" providerName="System.Data.SqlClient"
+         connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;pwd= ;" /> <!-- VIOLATION -->
+      <add name="connectionstring2" providerName="System.Data.SqlClient"
+         connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;password = whatever;" /> <!-- NON-VIOLATION -->
+    </connectionStrings>
 
     <system.web>
         <httpHandlers>
-            <add verb="*" path="*" 
-                  type="MindTouch.Dream.Http.HttpHandler, mindtouch.core"/> 
+            <add verb="*" path="*"
+                  type="MindTouch.Dream.Http.HttpHandler, mindtouch.core"/>
         </httpHandlers>
-	<!--<customErrors mode="Off"/>-->
-		<authentication mode="Windows|Forms|Passport|None">
-  			<forms name="name"
-       			loginUrl="url" 
-       			protection="All|None|Encryption|Validation"
-       			timeout="30" path="/" >
-     			<credentials passwordFormat="Clear|SHA1|MD5">
-      				 <user name="username" password="" /> <!-- VIOLATION -->
-     			</credentials>
-   			</forms>
-   			<passport redirectUrl="internal"/>
-		</authentication>
-	
+        <!--<customErrors mode="Off"/>-->
+        <authentication mode="Windows|Forms|Passport|None">
+            <forms name="name"
+                loginUrl="url"
+                protection="All|None|Encryption|Validation"
+                timeout="30" path="/" >
+              <credentials passwordFormat="Clear|SHA1|MD5">
+                   <user name="username" password="" /> <!-- VIOLATION -->
+              </credentials>
+            </forms>
+            <passport redirectUrl="internal"/>
+        </authentication>
     </system.web>
 
     <system.net>
diff --git a/csharp/ql/src/Configuration/PasswordInConfigurationFile.config b/csharp/ql/src/Configuration/PasswordInConfigurationFile.config
@@ -6,36 +6,35 @@
 
     <appSettings>
         <add key="service-dir" value="/opt/deki/bin" />
-	<add key="root-uri" value="http://localhost/@api" />
+        <add key="root-uri" value="http://localhost/@api" />
         <add key="apikey" value="12345" />
         <add key="script" value="/opt/deki/bin/mindtouch.deki.startup.xml" />
     </appSettings>
-    
+
     <connectionStrings>
-  		<add name="connectionstring" providerName="System.Data.SqlClient"
-  			 connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;pwd=whatever;" /> <!-- VIOLATION -->
-  		<add name="connectionstring2" providerName="System.Data.SqlClient"
-  			 connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;password = whatever;" /> <!-- VIOLATION -->
- 	</connectionStrings>
+      <add name="connectionstring" providerName="System.Data.SqlClient"
+         connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;pwd=whatever;" /> <!-- VIOLATION -->
+      <add name="connectionstring2" providerName="System.Data.SqlClient"
+         connectionString="Server=(local);Database=admtest;Trusted_Connection=False;uid=sa;password = whatever;" /> <!-- VIOLATION -->
+    </connectionStrings>
 
     <system.web>
         <httpHandlers>
-            <add verb="*" path="*" 
-                  type="MindTouch.Dream.Http.HttpHandler, mindtouch.core"/> 
+            <add verb="*" path="*"
+                  type="MindTouch.Dream.Http.HttpHandler, mindtouch.core"/>
         </httpHandlers>
-	<!--<customErrors mode="Off"/>-->
-		<authentication mode="Windows|Forms|Passport|None">
-  			<forms name="name"
-       			loginUrl="url" 
-       			protection="All|None|Encryption|Validation"
-       			timeout="30" path="/" >
-     			<credentials passwordFormat="Clear|SHA1|MD5">
-      				 <user name="username" password="password" /> <!-- VIOLATION -->
-     			</credentials>
-   			</forms>
-   			<passport redirectUrl="internal"/>
-		</authentication>
-	
+        <!--<customErrors mode="Off"/>-->
+        <authentication mode="Windows|Forms|Passport|None">
+            <forms name="name"
+                loginUrl="url"
+                 protection="All|None|Encryption|Validation"
+                timeout="30" path="/" >
+              <credentials passwordFormat="Clear|SHA1|MD5">
+                   <user name="username" password="password" /> <!-- VIOLATION -->
+              </credentials>
+            </forms>
+            <passport redirectUrl="internal"/>
+        </authentication>
     </system.web>
 
     <system.net>
diff --git a/csharp/ql/src/Security Features/CWE-248/BadWeb.config b/csharp/ql/src/Security Features/CWE-248/BadWeb.config
@@ -5,4 +5,4 @@
       ...
     </customErrors>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/src/Security Features/CWE-248/GoodWeb.config b/csharp/ql/src/Security Features/CWE-248/GoodWeb.config
@@ -5,4 +5,4 @@
       ...
     </customErrors>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/src/Security Features/CWE-451/Web.config b/csharp/ql/src/Security Features/CWE-451/Web.config
@@ -9,4 +9,4 @@
       </customHeaders>
     </httpProtocol>
   </system.webServer>
-</configuration>
+</configuration>
diff --git a/csharp/ql/src/Security Features/CWE-614/Web.config b/csharp/ql/src/Security Features/CWE-614/Web.config
@@ -3,7 +3,7 @@
   <system.web>
     <authentication>
       <forms
-        requireSSL="true" 
+        requireSSL="true"
         ... />
     </authentication>
     <httpCookies
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/UrlRedirect.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/UrlRedirect.qll
@@ -174,7 +174,7 @@ module UrlRedirect {
       )
     }
   }
-  
+
   /**
    * Anything that is setting "location" header in the response headers.
    */
@@ -201,12 +201,12 @@ module UrlRedirect {
         this.getExpr() = add.getArgument(1))
       or // HttpResponse.Headers["location"] = <user-provided value>
       exists(RefType cl, MicrosoftAspNetCoreHttpHttpResponse resp, IndexerAccess ci, Call cs, PropertyAccess qualifier |
-        qualifier.getTarget() = resp.getHeadersProperty() and 
+        qualifier.getTarget() = resp.getHeadersProperty() and
         ci.getTarget() = cl.getAnIndexer() and
         qualifier = ci.getQualifier() and
         cs.getTarget() = cl.getAnIndexer().getSetter() and
         cs.getArgument(0).getValue().toLowerCase() = "location" and
-        this.asExpr() = cs.getArgument(1)) 
+        this.asExpr() = cs.getArgument(1))
     }
   }
 }
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/XSS.qll
@@ -526,8 +526,8 @@ module XSS {
       this.getExpr() = any(WebPageClass h).getWriteLiteralMethod().getACall().getAnArgument()
     }
 
-    override string explanation() { 
-      result = "System.Web.WebPages.WebPage.WriteLiteral() method" 
+    override string explanation() {
+      result = "System.Web.WebPages.WebPage.WriteLiteral() method"
     }
   }
 
@@ -539,9 +539,9 @@ module XSS {
     WebPageWriteLiteralToSink() {
       this.getExpr() = any(WebPageClass h).getWriteLiteralToMethod().getACall().getAnArgument()
     }
-    
-    override string explanation() { 
-      result = "System.Web.WebPages.WebPage.WriteLiteralTo() method" 
+
+    override string explanation() {
+      result = "System.Web.WebPages.WebPage.WriteLiteralTo() method"
     }
   }
 
@@ -555,9 +555,9 @@ module XSS {
     MicrosoftAspNetCoreMvcHtmlHelperRawSink() {
       this.getExpr() = any(MicrosoftAspNetCoreMvcHtmlHelperClass h).getRawMethod().getACall().getAnArgument()
     }
-  
-    override string explanation() { 
-      result = "Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method" 
+
+    override string explanation() {
+      result = "Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method"
     }
   }
 
@@ -569,19 +569,19 @@ module XSS {
     MicrosoftAspNetRazorPageWriteLiteralSink() {
       this.getExpr() = any(MicrosoftAspNetCoreMvcRazorPageBase h).getWriteLiteralMethod().getACall().getAnArgument()
     }
-    
-    override string explanation() { 
-      result = "Microsoft.AspNetCore.Mvc.Razor.RazorPageBase.WriteLiteral() method" 
+
+    override string explanation() {
+      result = "Microsoft.AspNetCore.Mvc.Razor.RazorPageBase.WriteLiteral() method"
     }
   }
-  
+
   /**
    * HtmlString that may be rendered as is need to have sanitized value
    */
   class MicrosoftAspNetHtmlStringSink extends AspNetCoreSink {
     MicrosoftAspNetHtmlStringSink() {
-      exists (ObjectCreation c, MicrosoftAspNetCoreHttpHtmlString s | 
-       c.getTarget() = s.getAConstructor() and 
+      exists (ObjectCreation c, MicrosoftAspNetCoreHttpHtmlString s |
+       c.getTarget() = s.getAConstructor() and
        this.asExpr() = c.getAnArgument())
     }
   }
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-011/Web.config
@@ -5,4 +5,4 @@
       defaultLanguage="c#"
     />
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-011/bad/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-011/bad/Web.config
@@ -6,4 +6,4 @@
       debug="true"
     />
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNet.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNet.cs
@@ -48,4 +48,4 @@ public override void Execute()
     }
 }
 
-// source-extractor-options: /r:${testdir}/../../../../../packages/Microsoft.AspNet.WebPages.3.2.3/lib/net45/System.Web.WebPages.dll /r:${testdir}/../../../../../packages/Microsoft.AspNet.Mvc.5.2.3/lib/net45/System.Web.Mvc.dll /r:System.Dynamic.Runtime.dll /r:System.Runtime.Extensions.dll /r:System.Linq.Expressions.dll /r:System.Web.dll /r:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll /r:System.Collections.Specialized.dll
+// source-extractor-options: /r:${testdir}/../../../../../packages/Microsoft.AspNet.WebPages.3.2.3/lib/net45/System.Web.WebPages.dll /r:${testdir}/../../../../../packages/Microsoft.AspNet.Mvc.5.2.3/lib/net45/System.Web.Mvc.dll /r:System.Dynamic.Runtime.dll /r:System.Runtime.Extensions.dll /r:System.Linq.Expressions.dll /r:System.Web.dll /r:C:\Windows\Microsoft.NET\Framework64\v4.0.30319\System.Web.dll /r:System.Collections.Specialized.dll
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNetCore.cs b/csharp/ql/test/query-tests/Security Features/CWE-079/XSS/XSSAspNetCore.cs
@@ -76,4 +76,4 @@ public IActionResult Contact()
     }
 }
 
-// initial-extractor-options: /r:netstandard.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Core.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Core.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Antiforgery.1.1.2/lib/net451/Microsoft.AspNetCore.Antiforgery.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.ViewFeatures.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.ViewFeatures.dll  /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Abstractions.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Abstractions.dll /r:${testdir}/../../../../../packages\Microsoft.AspNetCore.Http.Abstractions.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Html.Abstractions.1.1.2/lib/netstandard1.0/Microsoft.AspNetCore.Html.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Http.Features.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Features.dll /r:${testdir}/../../../../../packages\Microsoft.Extensions.Primitives.2.1.0\lib\netstandard2.0\Microsoft.Extensions.Primitives.dll /r:System.Linq.dll /r:System.Linq.Expressions.dll /r:System.Linq.Queryable.dll
+// initial-extractor-options: /r:netstandard.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Core.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Core.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Antiforgery.1.1.2/lib/net451/Microsoft.AspNetCore.Antiforgery.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.ViewFeatures.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.ViewFeatures.dll  /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Mvc.Abstractions.1.1.3/lib/net451/Microsoft.AspNetCore.Mvc.Abstractions.dll /r:${testdir}/../../../../../packages\Microsoft.AspNetCore.Http.Abstractions.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Html.Abstractions.1.1.2/lib/netstandard1.0/Microsoft.AspNetCore.Html.Abstractions.dll /r:${testdir}/../../../../../packages/Microsoft.AspNetCore.Http.Features.1.1.2\lib\net451\Microsoft.AspNetCore.Http.Features.dll /r:${testdir}/../../../../../packages\Microsoft.Extensions.Primitives.2.1.0\lib\netstandard2.0\Microsoft.Extensions.Primitives.dll /r:System.Linq.dll /r:System.Linq.Expressions.dll /r:System.Linq.Queryable.dll
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOff/Web.config
@@ -4,4 +4,4 @@
     <customErrors mode="Off">
     </customErrors>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-248/MissingASPNETGlobalErrorHandler/WebConfigOffButGlobal/Web.config
@@ -4,4 +4,4 @@
     <customErrors mode="Off">
     </customErrors>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/CodeAddedHeader/Web.config
@@ -2,4 +2,4 @@
 <configuration>
   <system.web>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/NoHeader/Web.config
@@ -2,4 +2,4 @@
 <configuration>
   <system.web>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-451/MissingXFrameOptions/WebConfigAddedHeader/Web.config
@@ -9,4 +9,4 @@
       </customHeaders>
     </httpProtocol>
   </system.webServer>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-548/web.config b/csharp/ql/test/query-tests/Security Features/CWE-548/web.config
@@ -3,4 +3,4 @@
   <system.webServer>
     <directoryBrowse enabled="true" />
   </system.webServer>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInCode/Web.config
@@ -3,4 +3,4 @@
   <system.web>
     <httpCookies />
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/AddedInForms/Web.config
@@ -6,4 +6,4 @@
     </authentication>
     <httpCookies />
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/HttpCookiesCorrect/Web.config
@@ -6,4 +6,4 @@
     </authentication>
     <httpCookies requireSSL="true"/>
   </system.web>
-</configuration>
+</configuration>
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config b/csharp/ql/test/query-tests/Security Features/CWE-614/RequireSSL/RequireSSLMissing/Web.config
@@ -6,4 +6,4 @@
     </authentication>
     <httpCookies />
   </system.web>
-</configuration>
+</configuration>

Original file line number	Diff line number	Diff line change
`@@ -174,7 +174,7 @@ module UrlRedirect {`
`174`	`174`	`)`
`175`	`175`	`}`
`176`	`176`	`}`
`177`		`-`
	`177`	`+`
`178`	`178`	`/**`
`179`	`179`	`* Anything that is setting "location" header in the response headers.`
`180`	`180`	`*/`
`@@ -201,12 +201,12 @@ module UrlRedirect {`
`201`	`201`	`this.getExpr() = add.getArgument(1))`
`202`	`202`	`or // HttpResponse.Headers["location"] = <user-provided value>`
`203`	`203`	`exists(RefType cl, MicrosoftAspNetCoreHttpHttpResponse resp, IndexerAccess ci, Call cs, PropertyAccess qualifier \|`
`204`		`- qualifier.getTarget() = resp.getHeadersProperty() and`
	`204`	`+ qualifier.getTarget() = resp.getHeadersProperty() and`
`205`	`205`	`ci.getTarget() = cl.getAnIndexer() and`
`206`	`206`	`qualifier = ci.getQualifier() and`
`207`	`207`	`cs.getTarget() = cl.getAnIndexer().getSetter() and`
`208`	`208`	`cs.getArgument(0).getValue().toLowerCase() = "location" and`
`209`		`- this.asExpr() = cs.getArgument(1))`
	`209`	`+ this.asExpr() = cs.getArgument(1))`
`210`	`210`	`}`
`211`	`211`	`}`
`212`	`212`	`}`
Original file line number	Diff line number	Diff line change
`@@ -526,8 +526,8 @@ module XSS {`
`526`	`526`	`this.getExpr() = any(WebPageClass h).getWriteLiteralMethod().getACall().getAnArgument()`
`527`	`527`	`}`
`528`	`528`
`529`		`- override string explanation() {`
`530`		`- result = "System.Web.WebPages.WebPage.WriteLiteral() method"`
	`529`	`+ override string explanation() {`
	`530`	`+ result = "System.Web.WebPages.WebPage.WriteLiteral() method"`
`531`	`531`	`}`
`532`	`532`	`}`
`533`	`533`
`@@ -539,9 +539,9 @@ module XSS {`
`539`	`539`	`WebPageWriteLiteralToSink() {`
`540`	`540`	`this.getExpr() = any(WebPageClass h).getWriteLiteralToMethod().getACall().getAnArgument()`
`541`	`541`	`}`
`542`		`-`
`543`		`- override string explanation() {`
`544`		`- result = "System.Web.WebPages.WebPage.WriteLiteralTo() method"`
	`542`	`+`
	`543`	`+ override string explanation() {`
	`544`	`+ result = "System.Web.WebPages.WebPage.WriteLiteralTo() method"`
`545`	`545`	`}`
`546`	`546`	`}`
`547`	`547`
`@@ -555,9 +555,9 @@ module XSS {`
`555`	`555`	`MicrosoftAspNetCoreMvcHtmlHelperRawSink() {`
`556`	`556`	`this.getExpr() = any(MicrosoftAspNetCoreMvcHtmlHelperClass h).getRawMethod().getACall().getAnArgument()`
`557`	`557`	`}`
`558`		`-`
`559`		`- override string explanation() {`
`560`		`- result = "Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method"`
	`558`	`+`
	`559`	`+ override string explanation() {`
	`560`	`+ result = "Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw() method"`
`561`	`561`	`}`
`562`	`562`	`}`
`563`	`563`
`@@ -569,19 +569,19 @@ module XSS {`
`569`	`569`	`MicrosoftAspNetRazorPageWriteLiteralSink() {`
`570`	`570`	`this.getExpr() = any(MicrosoftAspNetCoreMvcRazorPageBase h).getWriteLiteralMethod().getACall().getAnArgument()`
`571`	`571`	`}`
`572`		`-`
`573`		`- override string explanation() {`
`574`		`- result = "Microsoft.AspNetCore.Mvc.Razor.RazorPageBase.WriteLiteral() method"`
	`572`	`+`
	`573`	`+ override string explanation() {`
	`574`	`+ result = "Microsoft.AspNetCore.Mvc.Razor.RazorPageBase.WriteLiteral() method"`
`575`	`575`	`}`
`576`	`576`	`}`
`577`		`-`
	`577`	`+`
`578`	`578`	`/**`
`579`	`579`	`* HtmlString that may be rendered as is need to have sanitized value`
`580`	`580`	`*/`
`581`	`581`	`class MicrosoftAspNetHtmlStringSink extends AspNetCoreSink {`
`582`	`582`	`MicrosoftAspNetHtmlStringSink() {`
`583`		`- exists (ObjectCreation c, MicrosoftAspNetCoreHttpHtmlString s \|`
`584`		`- c.getTarget() = s.getAConstructor() and`
	`583`	`+ exists (ObjectCreation c, MicrosoftAspNetCoreHttpHtmlString s \|`
	`584`	`+ c.getTarget() = s.getAConstructor() and`
`585`	`585`	`this.asExpr() = c.getAnArgument())`
`586`	`586`	`}`
`587`	`587`	`}`