From d60b90acd324baa1bed1ddeca452f2d434d7fb48 Mon Sep 17 00:00:00 2001 From: Michael Nebel Date: Fri, 3 Dec 2021 14:52:40 +0100 Subject: [PATCH] C#: Manual update of System.String and System.Convert flow summaries. --- .../semmle/code/csharp/frameworks/System.qll | 58 +++++++++++-------- .../dataflow/library/FlowSummaries.expected | 58 +++++++++++-------- .../library/FlowSummariesFiltered.expected | 58 +++++++++++-------- 3 files changed, 99 insertions(+), 75 deletions(-) diff --git a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll index 27d1ddd7df0..908a8750c98 100644 --- a/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll +++ b/csharp/ql/lib/semmle/code/csharp/frameworks/System.qll @@ -120,19 +120,21 @@ private class SystemConvertFlowModelCsv extends SummaryModelCsv { "System;Convert;false;ChangeType;(System.Object,System.Type,System.IFormatProvider);;Argument[0];ReturnValue;taint", "System;Convert;false;ChangeType;(System.Object,System.TypeCode);;Argument[0];ReturnValue;taint", "System;Convert;false;ChangeType;(System.Object,System.TypeCode,System.IFormatProvider);;Argument[0];ReturnValue;taint", - "System;Convert;false;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint", - "System;Convert;false;FromBase64String;(System.String);;Argument[0];ReturnValue;taint", - "System;Convert;false;FromHexString;(System.ReadOnlySpan);;Argument[0];ReturnValue;taint", - "System;Convert;false;FromHexString;(System.String);;Argument[0];ReturnValue;taint", + "System;Convert;false;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);;Element of Argument[0];Element of ReturnValue;taint", + "System;Convert;false;FromBase64String;(System.String);;Argument[0];Element of ReturnValue;taint", + "System;Convert;false;FromHexString;(System.ReadOnlySpan);;Element of Argument[0];Element of ReturnValue;taint", + "System;Convert;false;FromHexString;(System.String);;Argument[0];Element of ReturnValue;taint", "System;Convert;false;GetTypeCode;(System.Object);;Argument[0];ReturnValue;taint", "System;Convert;false;IsDBNull;(System.Object);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64String;(System.Byte[]);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64String;(System.Byte[],System.Base64FormattingOptions);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToBase64String;(System.ReadOnlySpan,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Element of Argument[3];taint", + "System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Element of Argument[0];Element of Argument[3];taint", + "System;Convert;false;ToBase64String;(System.Byte[]);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64String;(System.Byte[],System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToBase64String;(System.ReadOnlySpan,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint", "System;Convert;false;ToBoolean;(System.Boolean);;Argument[0];ReturnValue;taint", "System;Convert;false;ToBoolean;(System.Byte);;Argument[0];ReturnValue;taint", "System;Convert;false;ToBoolean;(System.Char);;Argument[0];ReturnValue;taint", @@ -242,9 +244,9 @@ private class SystemConvertFlowModelCsv extends SummaryModelCsv { "System;Convert;false;ToDouble;(System.UInt16);;Argument[0];ReturnValue;taint", "System;Convert;false;ToDouble;(System.UInt32);;Argument[0];ReturnValue;taint", "System;Convert;false;ToDouble;(System.UInt64);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToHexString;(System.Byte[]);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToHexString;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint", - "System;Convert;false;ToHexString;(System.ReadOnlySpan);;Argument[0];ReturnValue;taint", + "System;Convert;false;ToHexString;(System.Byte[]);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToHexString;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;ToHexString;(System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint", "System;Convert;false;ToInt16;(System.Boolean);;Argument[0];ReturnValue;taint", "System;Convert;false;ToInt16;(System.Byte);;Argument[0];ReturnValue;taint", "System;Convert;false;ToInt16;(System.Char);;Argument[0];ReturnValue;taint", @@ -432,9 +434,15 @@ private class SystemConvertFlowModelCsv extends SummaryModelCsv { "System;Convert;false;ToUInt64;(System.UInt16);;Argument[0];ReturnValue;taint", "System;Convert;false;ToUInt64;(System.UInt32);;Argument[0];ReturnValue;taint", "System;Convert;false;ToUInt64;(System.UInt64);;Argument[0];ReturnValue;taint", - "System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Argument[0];ReturnValue;taint", + "System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];Element of Argument[1];taint", + "System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];Argument[2];taint", "System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];ReturnValue;taint", - "System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint", + "System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];Element of Argument[1];taint", + "System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];Argument[2];taint", + "System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint", + "System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Element of Argument[1];taint", + "System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Argument[2];taint", ] } } @@ -862,15 +870,15 @@ private class SystemStringFlowModelCsv extends SummaryModelCsv { "System;String;false;Concat;(System.Object,System.Object,System.Object);;Argument[1];ReturnValue;taint", "System;String;false;Concat;(System.Object,System.Object,System.Object);;Argument[2];ReturnValue;taint", "System;String;false;Concat;(System.Object[]);;Element of Argument[0];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[2];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[2];ReturnValue;taint", - "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[3];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[2];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[2];ReturnValue;taint", + "System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[3];ReturnValue;taint", "System;String;false;Concat;(System.String,System.String);;Argument[0];ReturnValue;taint", "System;String;false;Concat;(System.String,System.String);;Argument[1];ReturnValue;taint", "System;String;false;Concat;(System.String,System.String,System.String);;Argument[0];ReturnValue;taint", diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 42006a06785..7ad858ef4ba 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -2343,19 +2343,21 @@ | System;Convert;false;ChangeType;(System.Object,System.Type,System.IFormatProvider);;Argument[0];ReturnValue;taint | | System;Convert;false;ChangeType;(System.Object,System.TypeCode);;Argument[0];ReturnValue;taint | | System;Convert;false;ChangeType;(System.Object,System.TypeCode,System.IFormatProvider);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromBase64String;(System.String);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromHexString;(System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromHexString;(System.String);;Argument[0];ReturnValue;taint | +| System;Convert;false;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);;Element of Argument[0];Element of ReturnValue;taint | +| System;Convert;false;FromBase64String;(System.String);;Argument[0];Element of ReturnValue;taint | +| System;Convert;false;FromHexString;(System.ReadOnlySpan);;Element of Argument[0];Element of ReturnValue;taint | +| System;Convert;false;FromHexString;(System.String);;Argument[0];Element of ReturnValue;taint | | System;Convert;false;GetTypeCode;(System.Object);;Argument[0];ReturnValue;taint | | System;Convert;false;IsDBNull;(System.Object);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[]);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[],System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.ReadOnlySpan,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Element of Argument[0];Element of Argument[3];taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Element of Argument[3];taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[]);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[],System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.ReadOnlySpan,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | | System;Convert;false;ToBoolean;(System.Boolean);;Argument[0];ReturnValue;taint | | System;Convert;false;ToBoolean;(System.Byte);;Argument[0];ReturnValue;taint | | System;Convert;false;ToBoolean;(System.Char);;Argument[0];ReturnValue;taint | @@ -2465,9 +2467,9 @@ | System;Convert;false;ToDouble;(System.UInt16);;Argument[0];ReturnValue;taint | | System;Convert;false;ToDouble;(System.UInt32);;Argument[0];ReturnValue;taint | | System;Convert;false;ToDouble;(System.UInt64);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToHexString;(System.Byte[]);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToHexString;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToHexString;(System.ReadOnlySpan);;Argument[0];ReturnValue;taint | +| System;Convert;false;ToHexString;(System.Byte[]);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToHexString;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToHexString;(System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | | System;Convert;false;ToInt16;(System.Boolean);;Argument[0];ReturnValue;taint | | System;Convert;false;ToInt16;(System.Byte);;Argument[0];ReturnValue;taint | | System;Convert;false;ToInt16;(System.Char);;Argument[0];ReturnValue;taint | @@ -2655,9 +2657,15 @@ | System;Convert;false;ToUInt64;(System.UInt16);;Argument[0];ReturnValue;taint | | System;Convert;false;ToUInt64;(System.UInt32);;Argument[0];ReturnValue;taint | | System;Convert;false;ToUInt64;(System.UInt64);;Argument[0];ReturnValue;taint | -| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Argument[0];ReturnValue;taint | +| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];Argument[2];taint | +| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];Element of Argument[1];taint | +| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];Argument[2];taint | +| System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];Element of Argument[1];taint | | System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | +| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Argument[2];taint | +| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Element of Argument[1];taint | +| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | | System;Int32;false;Parse;(System.ReadOnlySpan,System.Globalization.NumberStyles,System.IFormatProvider);;Element of Argument[0];ReturnValue;taint | | System;Int32;false;Parse;(System.String);;Argument[0];ReturnValue;taint | | System;Int32;false;Parse;(System.String,System.Globalization.NumberStyles);;Argument[0];ReturnValue;taint | @@ -2690,15 +2698,15 @@ | System;String;false;Concat;(System.Object,System.Object,System.Object);;Argument[1];ReturnValue;taint | | System;String;false;Concat;(System.Object,System.Object,System.Object);;Argument[2];ReturnValue;taint | | System;String;false;Concat;(System.Object[]);;Element of Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[2];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[2];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[3];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[2];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[2];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[3];ReturnValue;taint | | System;String;false;Concat;(System.String,System.String);;Argument[0];ReturnValue;taint | | System;String;false;Concat;(System.String,System.String);;Argument[1];ReturnValue;taint | | System;String;false;Concat;(System.String,System.String,System.String);;Argument[0];ReturnValue;taint | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index e24b3273fa2..2f8d18505a0 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -2017,19 +2017,21 @@ | System;Convert;false;ChangeType;(System.Object,System.Type,System.IFormatProvider);;Argument[0];ReturnValue;taint | | System;Convert;false;ChangeType;(System.Object,System.TypeCode);;Argument[0];ReturnValue;taint | | System;Convert;false;ChangeType;(System.Object,System.TypeCode,System.IFormatProvider);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromBase64String;(System.String);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromHexString;(System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;Convert;false;FromHexString;(System.String);;Argument[0];ReturnValue;taint | +| System;Convert;false;FromBase64CharArray;(System.Char[],System.Int32,System.Int32);;Element of Argument[0];Element of ReturnValue;taint | +| System;Convert;false;FromBase64String;(System.String);;Argument[0];Element of ReturnValue;taint | +| System;Convert;false;FromHexString;(System.ReadOnlySpan);;Element of Argument[0];Element of ReturnValue;taint | +| System;Convert;false;FromHexString;(System.String);;Argument[0];Element of ReturnValue;taint | | System;Convert;false;GetTypeCode;(System.Object);;Argument[0];ReturnValue;taint | | System;Convert;false;IsDBNull;(System.Object);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[]);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[],System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToBase64String;(System.ReadOnlySpan,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Element of Argument[0];Element of Argument[3];taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Element of Argument[3];taint | +| System;Convert;false;ToBase64CharArray;(System.Byte[],System.Int32,System.Int32,System.Char[],System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[]);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[],System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.Byte[],System.Int32,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToBase64String;(System.ReadOnlySpan,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | | System;Convert;false;ToBoolean;(System.Boolean);;Argument[0];ReturnValue;taint | | System;Convert;false;ToBoolean;(System.Byte);;Argument[0];ReturnValue;taint | | System;Convert;false;ToBoolean;(System.Char);;Argument[0];ReturnValue;taint | @@ -2139,9 +2141,9 @@ | System;Convert;false;ToDouble;(System.UInt16);;Argument[0];ReturnValue;taint | | System;Convert;false;ToDouble;(System.UInt32);;Argument[0];ReturnValue;taint | | System;Convert;false;ToDouble;(System.UInt64);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToHexString;(System.Byte[]);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToHexString;(System.Byte[],System.Int32,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;ToHexString;(System.ReadOnlySpan);;Argument[0];ReturnValue;taint | +| System;Convert;false;ToHexString;(System.Byte[]);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToHexString;(System.Byte[],System.Int32,System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;ToHexString;(System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | | System;Convert;false;ToInt16;(System.Boolean);;Argument[0];ReturnValue;taint | | System;Convert;false;ToInt16;(System.Byte);;Argument[0];ReturnValue;taint | | System;Convert;false;ToInt16;(System.Char);;Argument[0];ReturnValue;taint | @@ -2329,9 +2331,15 @@ | System;Convert;false;ToUInt64;(System.UInt16);;Argument[0];ReturnValue;taint | | System;Convert;false;ToUInt64;(System.UInt32);;Argument[0];ReturnValue;taint | | System;Convert;false;ToUInt64;(System.UInt64);;Argument[0];ReturnValue;taint | -| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Argument[0];ReturnValue;taint | +| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];Argument[2];taint | +| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];Element of Argument[1];taint | +| System;Convert;false;TryFromBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32);;Element of Argument[0];ReturnValue;taint | +| System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];Argument[2];taint | +| System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];Element of Argument[1];taint | | System;Convert;false;TryFromBase64String;(System.String,System.Span,System.Int32);;Argument[0];ReturnValue;taint | -| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Argument[0];ReturnValue;taint | +| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Argument[2];taint | +| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];Element of Argument[1];taint | +| System;Convert;false;TryToBase64Chars;(System.ReadOnlySpan,System.Span,System.Int32,System.Base64FormattingOptions);;Element of Argument[0];ReturnValue;taint | | System;Int32;false;Parse;(System.ReadOnlySpan,System.Globalization.NumberStyles,System.IFormatProvider);;Element of Argument[0];ReturnValue;taint | | System;Int32;false;Parse;(System.String);;Argument[0];ReturnValue;taint | | System;Int32;false;Parse;(System.String,System.Globalization.NumberStyles);;Argument[0];ReturnValue;taint | @@ -2364,15 +2372,15 @@ | System;String;false;Concat;(System.Object,System.Object,System.Object);;Argument[1];ReturnValue;taint | | System;String;false;Concat;(System.Object,System.Object,System.Object);;Argument[2];ReturnValue;taint | | System;String;false;Concat;(System.Object[]);;Element of Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[2];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[0];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[1];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[2];ReturnValue;taint | -| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Argument[3];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[2];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[0];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[1];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[2];ReturnValue;taint | +| System;String;false;Concat;(System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan,System.ReadOnlySpan);;Element of Argument[3];ReturnValue;taint | | System;String;false;Concat;(System.String,System.String);;Argument[0];ReturnValue;taint | | System;String;false;Concat;(System.String,System.String);;Argument[1];ReturnValue;taint | | System;String;false;Concat;(System.String,System.String,System.String);;Argument[0];ReturnValue;taint |