changed to address review

erik-krogh · erik-krogh · commit 77eeabe8e5b3 · 2022-09-29T13:39:59.000+02:00
diff --git a/csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql b/csharp/ql/campaigns/Solorigate/src/ModifiedFnvFunctionDetection.ql
@@ -27,5 +27,5 @@ where
       xor2.getAnOperand() = v.getAnAccess()
     )
   )
-select l, "This literal is used in an $@ after a FNV-like hash calculation with variable $@.",
+select l, "This literal is used in an $@ after an FNV-like hash calculation with variable $@.",
   additional_xor, "additional xor", v, v.toString()
diff --git a/csharp/ql/campaigns/Solorigate/src/NumberOfKnownMethodNamesAboveThreshold.ql b/csharp/ql/campaigns/Solorigate/src/NumberOfKnownMethodNamesAboveThreshold.ql
@@ -28,5 +28,5 @@ where
   isSolorigateSuspiciousMethodName(m) and
   total > threshold
 select m,
-  "This method " + m.getName() + " may be related to Solorigate. Total count = " + total +
-    " is above the threshold " + threshold + "."
+  "This method may be related to Solorigate. Total count = " + total + " is above the threshold " +
+    threshold + "."
diff --git a/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql b/csharp/ql/src/Security Features/CWE-078/StoredCommandInjection.ql
@@ -25,4 +25,4 @@ class StoredTaintTrackingConfiguration extends TaintTrackingConfiguration {
 from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
 where c.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "Command line depends on a $@.", source.getNode(),
-  "stored user-provided value"
+  "stored (potentially user-provided) value"
diff --git a/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql b/csharp/ql/src/Security Features/CWE-079/StoredXSS.ql
@@ -32,4 +32,4 @@ where
   then explanation = " (" + sink.getNode().(Sink).explanation() + ")"
   else explanation = ""
 select sink.getNode(), source, sink, "HTML or JavaScript write" + explanation + " depends on a $@.",
-  source.getNode(), "stored user-provided value"
+  source.getNode(), "stored (potentially user-provided) value"
diff --git a/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql b/csharp/ql/src/Security Features/CWE-090/StoredLDAPInjection.ql
@@ -23,4 +23,4 @@ class StoredTaintTrackingConfiguration extends TaintTrackingConfiguration {
 from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
 where c.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "This LDAP query depends on a $@.", source.getNode(),
-  "stored user-provided value"
+  "stored (potentially user-provided) value"
diff --git a/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql b/csharp/ql/src/Security Features/CWE-134/UncontrolledFormatString.ql
@@ -39,5 +39,5 @@ string getSourceType(DataFlow::Node node) {
 
 from FormatStringConfiguration config, DataFlow::PathNode source, DataFlow::PathNode sink
 where config.hasFlowPath(source, sink)
-select sink.getNode(), source, sink, "Format string depends on a $@.", source.getNode(),
+select sink.getNode(), source, sink, "Format string depends on $@.", source.getNode(),
   ("this" + getSourceType(source.getNode()))
diff --git a/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql b/csharp/ql/src/Security Features/CWE-643/StoredXPathInjection.ql
@@ -23,4 +23,4 @@ class StoredTaintTrackingConfiguration extends XPathInjection::TaintTrackingConf
 from StoredTaintTrackingConfiguration c, DataFlow::PathNode source, DataFlow::PathNode sink
 where c.hasFlowPath(source, sink)
 select sink.getNode(), source, sink, "XPath expression depends on a $@.", source.getNode(),
-  "stored user-provided value"
+  "stored (potentially user-provided) value"
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-078/StoredCommandInjection.expected
@@ -5,4 +5,4 @@ nodes
 | StoredCommandInjection.cs:22:54:22:80 | call to method GetString : String | semmle.label | call to method GetString : String |
 subpaths
 #select
-| StoredCommandInjection.cs:22:46:22:80 | ... + ... | StoredCommandInjection.cs:22:54:22:80 | call to method GetString : String | StoredCommandInjection.cs:22:46:22:80 | ... + ... | Command line depends on a $@. | StoredCommandInjection.cs:22:54:22:80 | call to method GetString | stored user-provided value |
+| StoredCommandInjection.cs:22:46:22:80 | ... + ... | StoredCommandInjection.cs:22:54:22:80 | call to method GetString : String | StoredCommandInjection.cs:22:46:22:80 | ... + ... | Command line depends on a $@. | StoredCommandInjection.cs:22:54:22:80 | call to method GetString | stored (potentially user-provided) value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected b/csharp/ql/test/query-tests/Security Features/CWE-079/StoredXSS/StoredXSS.expected
@@ -5,4 +5,4 @@ nodes
 | StoredXSS.cs:24:60:24:86 | call to method GetString : String | semmle.label | call to method GetString : String |
 subpaths
 #select
-| StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | HTML or JavaScript write depends on a $@. | StoredXSS.cs:24:60:24:86 | call to method GetString | stored user-provided value |
+| StoredXSS.cs:24:44:24:86 | ... + ... | StoredXSS.cs:24:60:24:86 | call to method GetString : String | StoredXSS.cs:24:44:24:86 | ... + ... | HTML or JavaScript write depends on a $@. | StoredXSS.cs:24:60:24:86 | call to method GetString | stored (potentially user-provided) value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-090/StoredLDAPInjection.expected
@@ -5,4 +5,4 @@ nodes
 | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString : String | semmle.label | call to method GetString : String |
 subpaths
 #select
-| StoredLDAPInjection.cs:22:66:22:109 | ... + ... | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString : String | StoredLDAPInjection.cs:22:66:22:109 | ... + ... | This LDAP query depends on a $@. | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString | stored user-provided value |
+| StoredLDAPInjection.cs:22:66:22:109 | ... + ... | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString : String | StoredLDAPInjection.cs:22:66:22:109 | ... + ... | This LDAP query depends on a $@. | StoredLDAPInjection.cs:22:83:22:109 | call to method GetString | stored (potentially user-provided) value |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected b/csharp/ql/test/query-tests/Security Features/CWE-134/UncontrolledFormatString.expected
@@ -21,8 +21,8 @@ nodes
 | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | semmle.label | access to local variable format |
 subpaths
 #select
-| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | Format string depends on a $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal |
-| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | Format string depends on a $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
-| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | Format string depends on a $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
-| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | Format string depends on a $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text |
-| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | Format string depends on a $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string |
+| ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine : String | ConsoleUncontrolledFormatString.cs:11:31:11:36 | access to local variable format | Format string depends on $@. | ConsoleUncontrolledFormatString.cs:8:22:8:39 | call to method ReadLine | thisexternal |
+| UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:12:23:12:26 | access to local variable path | Format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
+| UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString : NameValueCollection | UncontrolledFormatString.cs:15:46:15:49 | access to local variable path | Format string depends on $@. | UncontrolledFormatString.cs:9:23:9:45 | access to property QueryString | thisASP.NET query string |
+| UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | Format string depends on $@. | UncontrolledFormatString.cs:32:23:32:31 | access to property Text | thisTextBox text |
+| UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString : NameValueCollection | UncontrolledFormatStringBad.cs:12:39:12:44 | access to local variable format | Format string depends on $@. | UncontrolledFormatStringBad.cs:9:25:9:47 | access to property QueryString | thisASP.NET query string |
diff --git a/csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected b/csharp/ql/test/query-tests/Security Features/CWE-643/StoredXPathInjection.expected
@@ -10,7 +10,7 @@ nodes
 | StoredXPathInjection.cs:28:41:28:144 | ... + ... | semmle.label | ... + ... |
 subpaths
 #select
-| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | stored user-provided value |
-| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | stored user-provided value |
-| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | stored user-provided value |
-| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | stored user-provided value |
+| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | stored (potentially user-provided) value |
+| StoredXPathInjection.cs:25:45:25:148 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:25:45:25:148 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | stored (potentially user-provided) value |
+| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:22:39:22:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:22:39:22:65 | call to method GetString | stored (potentially user-provided) value |
+| StoredXPathInjection.cs:28:41:28:144 | ... + ... | StoredXPathInjection.cs:23:39:23:65 | call to method GetString : String | StoredXPathInjection.cs:28:41:28:144 | ... + ... | XPath expression depends on a $@. | StoredXPathInjection.cs:23:39:23:65 | call to method GetString | stored (potentially user-provided) value |

Original file line number	Diff line number	Diff line change
`@@ -27,5 +27,5 @@ where`
`27`	`27`	`xor2.getAnOperand() = v.getAnAccess()`
`28`	`28`	`)`
`29`	`29`	`)`
`30`		`-select l, "This literal is used in an $@ after a FNV-like hash calculation with variable $@.",`
	`30`	`+select l, "This literal is used in an $@ after an FNV-like hash calculation with variable $@.",`
`31`	`31`	`additional_xor, "additional xor", v, v.toString()`