github · michaelnebel · May 7, 2024 · Apr 29, 2024 · May 6, 2024
@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.codedom.Compiler
 private import semmle.code.csharp.security.Sanitizers
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for user input treated as code vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for user input treated as code vulnerabilities.

@@ -6,6 +6,7 @@
 import csharp
 private import semmle.code.csharp.controlflow.Guards
 private import semmle.code.csharp.controlflow.BasicBlocks
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.Net
@@ -14,12 +15,12 @@ private import semmle.code.csharp.security.SensitiveActions
 /**
  * A data flow source for user-controlled bypass of sensitive method.
  */
-abstract class Source extends DataFlow::Node { }
+abstract class Source extends ApiSourceNode { }
 
 /**
  * A data flow sink for user-controlled bypass of sensitive method.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends ApiSinkExprNode {
   /** Gets the 'MethodCall' which is considered sensitive. */
   abstract MethodCall getSensitiveMethodCall();
 }

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
 private import semmle.code.csharp.security.PrivateData
@@ -15,7 +16,7 @@ abstract class Source extends DataFlow::ExprNode { }
 /**
  * A data flow sink for private information flowing unencrypted to an external location.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for private information flowing unencrypted to an external location.

@@ -9,6 +9,7 @@ private import semmle.code.csharp.frameworks.Moq
 private import semmle.code.csharp.frameworks.system.web.Security
 private import semmle.code.csharp.frameworks.system.security.cryptography.X509Certificates
 private import semmle.code.csharp.frameworks.Test
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 
 /**
  * A data flow source for hard coded credentials.
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::ExprNode { }
 /**
  * A data flow sink for hard coded credentials.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends ApiSinkExprNode {
   /**
    * Gets a description of this sink, including a placeholder for the sink and a placeholder for
    * the supplementary element.

@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.DirectoryServices
 private import semmle.code.csharp.frameworks.system.directoryservices.Protocols
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unvalidated user input that is used to construct LDAP queries.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for unvalidated user input that is used to construct LDAP queries.

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in log entries.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in log entries.

@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Xml
 private import semmle.code.csharp.security.Sanitizers
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
  * A data flow sink for untrusted user input processed as XML without validation against a known
  * schema.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends ApiSinkExprNode {
   /** Gets a string describing the reason why this is a sink. */
   abstract string getReason();
 }

@@ -5,6 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.dataflow.DataFlow2
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
@@ -17,7 +18,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in dangerous regular expression operations.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in dangerous regular expression operations.

@@ -4,6 +4,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
 private import semmle.code.csharp.security.Sanitizers
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used to construct regular expressions.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used to construct regular expressions.

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.Data
 private import semmle.code.csharp.security.Sanitizers
@@ -15,7 +16,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in resource descriptors.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in resource descriptors.

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.Sql
 private import semmle.code.csharp.security.Sanitizers
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A sink for SQL injection vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for SQL injection vulnerabilities.

@@ -5,6 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.controlflow.Guards
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.IO
 private import semmle.code.csharp.frameworks.system.Web
@@ -18,7 +19,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for uncontrolled data in path expression vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for uncontrolled data in path expression vulnerabilities.

@@ -6,6 +6,7 @@
 import csharp
 private import semmle.code.csharp.serialization.Deserializers
 private import semmle.code.csharp.dataflow.TaintTracking2
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 
 /**
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unsafe deserialization vulnerabilities.
  */
-abstract class Sink extends DataFlow::Node { }
+abstract class Sink extends ApiSinkNode { }
 
 /**
  * A data flow sink for unsafe deserialization vulnerabilities to an instance method.

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.controlflow.Guards
 private import semmle.code.csharp.frameworks.Format
@@ -20,7 +21,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unvalidated URL redirect vulnerabilities.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for unvalidated URL redirect vulnerabilities.

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.System
 private import semmle.code.csharp.frameworks.system.text.RegularExpressions
@@ -19,7 +20,7 @@ private class ThreatModelSource extends Source instanceof ThreatModelFlowSource
 /**
  * A data flow sink for untrusted user input used in XML processing.
  */
-abstract class Sink extends DataFlow::ExprNode {
+abstract class Sink extends ApiSinkExprNode {
   /**
    * Gets the reason for the insecurity of this sink.
    */

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
 private import semmle.code.csharp.frameworks.system.xml.XPath
 private import semmle.code.csharp.frameworks.system.Xml
@@ -16,7 +17,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for untrusted user input used in XPath expression.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for untrusted user input used in XPath expression.

@@ -4,6 +4,7 @@
 
 import csharp
 private import semmle.code.csharp.controlflow.Guards
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 
 /**
  * A data flow source for unsafe zip extraction.
@@ -13,7 +14,7 @@ abstract class Source extends DataFlow::Node { }
 /**
  * A data flow sink for unsafe zip extraction.
  */
-abstract class Sink extends DataFlow::ExprNode { }
+abstract class Sink extends ApiSinkExprNode { }
 
 /**
  * A sanitizer for unsafe zip extraction.