From a5b801b31f38c3d8173d4a54032f5b3220a89749 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Fri, 1 Mar 2024 13:56:09 -0500 Subject: [PATCH 01/15] Add File reading methods --- csharp/ql/lib/ext/System.IO.model.yml | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index e1120d5684ec..7ad4a4b35ce3 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -7,7 +7,18 @@ extensions: - ["System.IO", "File", False, "Create", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "File", False, "CreateText", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "File", False, "Open", "", "", "ReturnValue", "file-write", "manual"] + - ["System.IO", "File", False, "Open", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "OpenRead", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "OpenText", "", "", "ReturnValue", "file", "manual"] - ["System.IO", "File", False, "OpenWrite", "", "", "ReturnValue", "file-write", "manual"] + - ["System.IO", "File", False, "ReadAllBytes", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadAllBytesAsync", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadAllLines", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadAllLinesAsync", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadAllText", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadAllTextAsync", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadLines", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "File", False, "ReadLinesAsync", "", "", "ReturnValue", "file", "manual"] - ["System.IO", "FileInfo", False, "AppendText", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileInfo", False, "Create", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileInfo", False, "CreateText", "", "", "ReturnValue", "file-write", "manual"] From bb9b0eabf27f3cf5548ee5205400b94c3fbfe973 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Fri, 1 Mar 2024 13:56:25 -0500 Subject: [PATCH 02/15] Add BufferedStream summary models --- csharp/ql/lib/ext/System.IO.model.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index 7ad4a4b35ce3..c1d98d55410a 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -36,6 +36,8 @@ extensions: pack: codeql/csharp-all extensible: summaryModel data: + - ["System.IO", "BufferedStream", False, "BufferedStream", "(System.IO.Stream)", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["System.IO", "BufferedStream", False, "BufferedStream", "(System.IO.Stream,System.Int32)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["System.IO", "FileStream", False, "FileStream", "(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare)", "", "Argument[0]", "Argument[this]", "taint", "manual"] From a8c5e4e0f275514ae7a6b616bc14e36a9338401c Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Fri, 1 Mar 2024 13:59:04 -0500 Subject: [PATCH 03/15] FileInfo source models --- csharp/ql/lib/ext/System.IO.model.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index c1d98d55410a..31ca78ff4985 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -23,6 +23,8 @@ extensions: - ["System.IO", "FileInfo", False, "Create", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileInfo", False, "CreateText", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileInfo", False, "Open", "", "", "ReturnValue", "file-write", "manual"] + - ["System.IO", "FileInfo", False, "Open", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "FileInfo", False, "OpenRead", "", "", "ReturnValue", "file", "manual"] - ["System.IO", "FileInfo", False, "OpenWrite", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file", "manual"] - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file-write", "manual"] From 9232fafde1266fa8bcd34ac62476fdd57fd5e8f8 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Fri, 1 Mar 2024 15:37:38 -0500 Subject: [PATCH 04/15] Add `System.IO.Stream::Read(Span)` model --- csharp/ql/lib/ext/System.IO.model.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index 31ca78ff4985..14838b50385a 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -84,6 +84,7 @@ extensions: - ["System.IO", "Stream", True, "CopyToAsync", "(System.IO.Stream,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", False, "CopyToAsync", "(System.IO.Stream,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", True, "Read", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] + - ["System.IO", "Stream", True, "Read", "(System.Span)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", False, "ReadAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "Write", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] From d387e6d0686840453601a7e18fedd4cd1590704f Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Thu, 7 Mar 2024 00:34:06 -0500 Subject: [PATCH 05/15] Fix flow-summary tests --- .../dataflow/library/FlowSummaries.expected | 18 +++++++++++++++++- .../library/FlowSummariesFiltered.expected | 4 +++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 30396dbf4101..4a319fec7bfd 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -1478,6 +1478,7 @@ summary | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;FileBufferingReadStream;(System.IO.Stream,System.Int32,System.Nullable,System.Func);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;FileBufferingReadStream;(System.IO.Stream,System.Int32,System.Nullable,System.Func,System.Buffers.ArrayPool);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -4067,6 +4068,7 @@ summary | ServiceStack.Text;NetCoreMemory;false;Deserialize;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;NetCoreMemory;false;DeserializeAsync;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| ServiceStack.Text;RecyclableMemoryStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | ServiceStack.Text;RecyclableMemoryStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStreamManager+EventHandler;false;BeginInvoke;(System.AsyncCallback,System.Object);;Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+LargeBufferDiscardedEventHandler;false;BeginInvoke;(ServiceStack.Text.RecyclableMemoryStreamManager+Events+MemoryStreamDiscardReason,System.AsyncCallback,System.Object);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -9395,6 +9397,7 @@ summary | System.IO.Compression;BrotliStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.Compression;BrotliStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;BrotliStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO.Compression;BrotliStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO.Compression;BrotliStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;BrotliStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;BrotliStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9414,6 +9417,7 @@ summary | System.IO.Compression;DeflateStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.Compression;DeflateStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;DeflateStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO.Compression;DeflateStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO.Compression;DeflateStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;DeflateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;DeflateStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9431,6 +9435,7 @@ summary | System.IO.Compression;GZipStream;false;GZipStream;(System.IO.Stream,System.IO.Compression.CompressionLevel,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.IO.Compression;GZipStream;false;GZipStream;(System.IO.Stream,System.IO.Compression.CompressionMode,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.IO.Compression;GZipStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO.Compression;GZipStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO.Compression;GZipStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;GZipStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;GZipStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9446,6 +9451,7 @@ summary | System.IO.Compression;ZLibStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.Compression;ZLibStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;ZLibStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO.Compression;ZLibStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO.Compression;ZLibStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;ZLibStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;ZLibStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9502,6 +9508,7 @@ summary | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9562,6 +9569,7 @@ summary | System.IO.Pipes;PipeStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Pipes;PipeStream;false;InitializeHandle;(Microsoft.Win32.SafeHandles.SafePipeHandle,System.Boolean,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.IO.Pipes;PipeStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO.Pipes;PipeStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO.Pipes;PipeStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Pipes;PipeStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Pipes;PipeStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9584,11 +9592,13 @@ summary | System.IO;BufferedStream;false;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[this];Argument[0].Element;taint;manual | | System.IO;BufferedStream;false;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[0].Element;Argument[this];taint;manual | | System.IO;BufferedStream;false;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[3];Argument[3].Parameter[delegate-self];value;manual | -| System.IO;BufferedStream;false;BufferedStream;(System.IO.Stream,System.Int32);;Argument[0];Argument[this];taint;df-generated | +| System.IO;BufferedStream;false;BufferedStream;(System.IO.Stream);;Argument[0];Argument[this];taint;manual | +| System.IO;BufferedStream;false;BufferedStream;(System.IO.Stream,System.Int32);;Argument[0];Argument[this];taint;manual | | System.IO;BufferedStream;false;CopyTo;(System.IO.Stream,System.Int32);;Argument[this];Argument[0];taint;manual | | System.IO;BufferedStream;false;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;BufferedStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;BufferedStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;BufferedStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO;BufferedStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;BufferedStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;BufferedStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9685,6 +9695,7 @@ summary | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;FileStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;FileStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO;FileStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;FileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.IO;FileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9740,6 +9751,7 @@ summary | System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);;Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean,System.Boolean);;Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;MemoryStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO;MemoryStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;MemoryStream;false;ToArray;();;Argument[this];ReturnValue;taint;manual | @@ -9824,6 +9836,7 @@ summary | System.IO;Stream;true;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;true;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;true;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;true;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;true;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;true;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;true;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -10038,6 +10051,7 @@ summary | System.IO;UnmanagedMemoryStream;false;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);;Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;false;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);;Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;UnmanagedMemoryStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO;UnmanagedMemoryStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;UnmanagedMemoryStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;UnmanagedMemoryStream;false;UnmanagedMemoryStream;(System.Byte*,System.Int64);;Argument[0];Argument[this];taint;df-generated | @@ -11977,6 +11991,7 @@ summary | System.Net.Quic;QuicStream;false;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[3];Argument[3].Parameter[delegate-self];value;manual | | System.Net.Quic;QuicStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Quic;QuicStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.Net.Quic;QuicStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.Net.Quic;QuicStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Quic;QuicStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Quic;QuicStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -12082,6 +12097,7 @@ summary | System.Net.Sockets;NetworkStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Sockets;NetworkStream;false;NetworkStream;(System.Net.Sockets.Socket,System.IO.FileAccess,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;NetworkStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.Net.Sockets;NetworkStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index cf17fed3269c..50b1a5178cf4 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -7532,7 +7532,8 @@ | System.IO;BinaryWriter;false;Write;(System.Byte[]);;Argument[0].Element;Argument[this];taint;df-generated | | System.IO;BinaryWriter;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;df-generated | | System.IO;BinaryWriter;false;get_BaseStream;();;Argument[this];ReturnValue;taint;df-generated | -| System.IO;BufferedStream;false;BufferedStream;(System.IO.Stream,System.Int32);;Argument[0];Argument[this];taint;df-generated | +| System.IO;BufferedStream;false;BufferedStream;(System.IO.Stream);;Argument[0];Argument[this];taint;manual | +| System.IO;BufferedStream;false;BufferedStream;(System.IO.Stream,System.Int32);;Argument[0];Argument[this];taint;manual | | System.IO;BufferedStream;false;get_UnderlyingStream;();;Argument[this];ReturnValue;taint;df-generated | | System.IO;Directory;false;CreateDirectory;(System.String);;Argument[0];ReturnValue;taint;df-generated | | System.IO;Directory;false;CreateDirectory;(System.String,System.IO.UnixFileMode);;Argument[0];ReturnValue;taint;df-generated | @@ -7738,6 +7739,7 @@ | System.IO;Stream;true;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;true;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;true;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;true;Read;(System.Span);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;true;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;true;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;true;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | From 3e29a8d2a189a36e8b47a94dd022f3210957d5e8 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 13:18:43 -0400 Subject: [PATCH 06/15] System.IO files test --- .../dataflow/flowsources/stored/file/Files.cs | 84 +++++++++++++++++++ .../flowsources/stored/file/Files.expected | 0 .../flowsources/stored/file/Files.ext.yml | 7 ++ .../dataflow/flowsources/stored/file/Files.ql | 12 +++ .../dataflow/flowsources/stored/file/options | 3 + 5 files changed, 106 insertions(+) create mode 100644 csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs create mode 100644 csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.expected create mode 100644 csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ext.yml create mode 100644 csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql create mode 100644 csharp/ql/test/library-tests/dataflow/flowsources/stored/file/options diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs new file mode 100644 index 000000000000..168a7086f8d7 --- /dev/null +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs @@ -0,0 +1,84 @@ +using System.IO; + +namespace Test +{ + class Files + { + public static void ReadAllText(string path) + { + string text = File.ReadAllText(path); + Sink(text); // $ hasTaintFlow=line:9 + } + + public static void ReadAllLines(string path) + { + string[] lines = File.ReadAllLines(path); + Sink(lines); // $ hasTaintFlow=line:15 + } + + public static void ReadAllBytes(string path) + { + byte[] bytes = File.ReadAllBytes(path); + Sink(bytes); // $ hasTaintFlow=line:21 + } + + public static void ReadLines(string path) + { + foreach (string line in File.ReadLines(path)) + { + Sink(line); // $ hasTaintFlow=line:27 + } + } + + public static void BuuferedRead(string path) + { + using (FileStream fs = new FileStream(path, FileMode.Open)) + { + using (BufferedStream bs = new BufferedStream(fs)) + { + using (StreamReader sr = new StreamReader(bs)) + { + string line; + while ((line = sr.ReadLine()) != null) + { + Sink(line); // $ hasTaintFlow=line:35 + } + } + } + } + } + + public static void ReadBlocks(string path) + { + using (FileStream fs = File.OpenRead(path)) + { + byte[] buffer = new byte[1024]; + int bytesRead; + while ((bytesRead = fs.Read(buffer, 0, buffer.Length)) > 0) + { + Sink(buffer[0]); // $ hasTaintFlow=line:53 + } + } + } + + public static async void ReadAllTextAsync(string path) + { + string text = await File.ReadAllTextAsync(path); + Sink(text); // $ hasTaintFlow=line:66 + + using (FileStream fs = File.Open(path, FileMode.Open)) + { + using (StreamReader sr = new StreamReader(fs)) + { + string line; + while ((line = await sr.ReadLineAsync()) != null) + { + Sink(line); // $ hasTaintFlow=line:69 + } + } + } + } + + static void Sink(object o) { } + } +} \ No newline at end of file diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.expected b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.expected new file mode 100644 index 000000000000..e69de29bb2d1 diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ext.yml b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ext.yml new file mode 100644 index 000000000000..520203b141fe --- /dev/null +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ext.yml @@ -0,0 +1,7 @@ +extensions: + + - addsTo: + pack: codeql/threat-models + extensible: threatModelConfiguration + data: + - ["file", true, 0] \ No newline at end of file diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql new file mode 100644 index 000000000000..1060ea756a26 --- /dev/null +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.ql @@ -0,0 +1,12 @@ +import csharp +import semmle.code.csharp.security.dataflow.flowsources.FlowSources +import TestUtilities.InlineFlowTest +import TaintFlowTest + +module FilesConfig implements DataFlow::ConfigSig { + predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource } + + predicate isSink(DataFlow::Node sink) { + exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0)) + } +} diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/options b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/options new file mode 100644 index 000000000000..13f94236f19a --- /dev/null +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/options @@ -0,0 +1,3 @@ +semmle-extractor-options: /nostdlib /noconfig +semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../resources/stubs/_frameworks/Microsoft.AspNetCore.App/Microsoft.AspNetCore.App.csproj +semmle-extractor-options: ${testdir}/../../../../../resources/stubs/System.Web.cs From a698684fecb4f52e1fc2e57cf3461460eb46c19e Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 22:00:42 -0400 Subject: [PATCH 07/15] `System.IO.Stream::ReadAtLeast` --- csharp/ql/lib/ext/System.IO.model.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index 14838b50385a..d10f95240656 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -87,6 +87,9 @@ extensions: - ["System.IO", "Stream", True, "Read", "(System.Span)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", False, "ReadAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] + - ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "manual"] + # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness + - ["System.IO", "Stream", True, "ReadAtLeastAsync", "(System.Memory,System.Int32,System.Boolean,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", True, "Write", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] - ["System.IO", "Stream", False, "WriteAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] - ["System.IO", "Stream", True, "WriteAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] From 2a73677fd27a5b66708b1787faedfdce461a3d0c Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 22:02:20 -0400 Subject: [PATCH 08/15] Missing `Stream::ReadAsync` overload --- csharp/ql/lib/ext/System.IO.model.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index d10f95240656..a93d12e75409 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -87,6 +87,8 @@ extensions: - ["System.IO", "Stream", True, "Read", "(System.Span)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", False, "ReadAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] + # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness + - ["System.IO", "Stream", True, "ReadAsync", "(System.Memory,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "manual"] # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness - ["System.IO", "Stream", True, "ReadAtLeastAsync", "(System.Memory,System.Int32,System.Boolean,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] From d6f085373e3a4acb27cc93cb47901bc62ac76618 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 22:06:04 -0400 Subject: [PATCH 09/15] `System.IO.Stream::ReadExactly` models --- csharp/ql/lib/ext/System.IO.model.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index a93d12e75409..4b0d417060a6 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -92,6 +92,8 @@ extensions: - ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "manual"] # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness - ["System.IO", "Stream", True, "ReadAtLeastAsync", "(System.Memory,System.Int32,System.Boolean,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] + - ["System.IO", "Stream", True, "ReadExactly", "(System.Span)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] + - ["System.IO", "Stream", True, "ReadExactly", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "Write", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] - ["System.IO", "Stream", False, "WriteAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] - ["System.IO", "Stream", True, "WriteAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[0].Element", "Argument[this]", "taint", "manual"] From e14e47cd735dd1b3325cbdbcb49a9c13b00ed208 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 22:07:12 -0400 Subject: [PATCH 10/15] Fix `Stream::Read(Span)` model --- csharp/ql/lib/ext/System.IO.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index 4b0d417060a6..c640a0cd56dd 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -84,7 +84,7 @@ extensions: - ["System.IO", "Stream", True, "CopyToAsync", "(System.IO.Stream,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", False, "CopyToAsync", "(System.IO.Stream,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", True, "Read", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - - ["System.IO", "Stream", True, "Read", "(System.Span)", "", "Argument[this]", "Argument[0]", "taint", "manual"] + - ["System.IO", "Stream", True, "Read", "(System.Span)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", False, "ReadAsync", "(System.Byte[],System.Int32,System.Int32)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness From 08611f0c9c220d9af049a4d0b74cf553e76a0c84 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 22:35:56 -0400 Subject: [PATCH 11/15] Fix flow summary tests --- csharp/ql/lib/ext/System.IO.model.yml | 2 +- .../dataflow/library/FlowSummaries.expected | 78 +++++++++---------- .../library/FlowSummariesFiltered.expected | 14 ++-- 3 files changed, 45 insertions(+), 49 deletions(-) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index c640a0cd56dd..2b23698fd210 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -89,7 +89,7 @@ extensions: - ["System.IO", "Stream", True, "ReadAsync", "(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness - ["System.IO", "Stream", True, "ReadAsync", "(System.Memory,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] - - ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0]", "taint", "manual"] + - ["System.IO", "Stream", True, "ReadAtLeast", "(System.Span,System.Int32,System.Boolean)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] # Post-update nodes for `Memory` are currently unsupported. This model is provided for completeness - ["System.IO", "Stream", True, "ReadAtLeastAsync", "(System.Memory,System.Int32,System.Boolean,System.Threading.CancellationToken)", "", "Argument[this]", "Argument[0]", "taint", "manual"] - ["System.IO", "Stream", True, "ReadExactly", "(System.Span)", "", "Argument[this]", "Argument[0].Element", "taint", "manual"] diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 4a319fec7bfd..055b9bba9523 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -1470,7 +1470,7 @@ summary | Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | Microsoft.AspNetCore.WebUtilities;BufferedReadStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -1478,9 +1478,9 @@ summary | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;FileBufferingReadStream;(System.IO.Stream,System.Int32,System.Nullable,System.Func);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;FileBufferingReadStream;(System.IO.Stream,System.Int32,System.Nullable,System.Func,System.Buffers.ArrayPool);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingReadStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -1488,7 +1488,7 @@ summary | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | Microsoft.AspNetCore.WebUtilities;FileBufferingWriteStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -4068,7 +4068,7 @@ summary | ServiceStack.Text;NetCoreMemory;false;Deserialize;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;NetCoreMemory;false;DeserializeAsync;(System.IO.Stream,System.Type,ServiceStack.Text.Common.DeserializeStringSpanDelegate);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| ServiceStack.Text;RecyclableMemoryStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| ServiceStack.Text;RecyclableMemoryStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | ServiceStack.Text;RecyclableMemoryStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | ServiceStack.Text;RecyclableMemoryStreamManager+EventHandler;false;BeginInvoke;(System.AsyncCallback,System.Object);;Argument[0];Argument[0].Parameter[delegate-self];value;hq-generated | | ServiceStack.Text;RecyclableMemoryStreamManager+LargeBufferDiscardedEventHandler;false;BeginInvoke;(ServiceStack.Text.RecyclableMemoryStreamManager+Events+MemoryStreamDiscardReason,System.AsyncCallback,System.Object);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | @@ -9397,9 +9397,9 @@ summary | System.IO.Compression;BrotliStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.Compression;BrotliStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;BrotliStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;BrotliStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO.Compression;BrotliStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;BrotliStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;BrotliStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO.Compression;BrotliStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;BrotliStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;BrotliStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;BrotliStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9417,9 +9417,9 @@ summary | System.IO.Compression;DeflateStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.Compression;DeflateStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;DeflateStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;DeflateStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO.Compression;DeflateStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;DeflateStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;DeflateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO.Compression;DeflateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;DeflateStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;DeflateStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;DeflateStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9435,9 +9435,9 @@ summary | System.IO.Compression;GZipStream;false;GZipStream;(System.IO.Stream,System.IO.Compression.CompressionLevel,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.IO.Compression;GZipStream;false;GZipStream;(System.IO.Stream,System.IO.Compression.CompressionMode,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.IO.Compression;GZipStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;GZipStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO.Compression;GZipStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;GZipStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;GZipStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO.Compression;GZipStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;GZipStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;GZipStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;GZipStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9451,9 +9451,9 @@ summary | System.IO.Compression;ZLibStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.Compression;ZLibStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Compression;ZLibStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;ZLibStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO.Compression;ZLibStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;ZLibStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Compression;ZLibStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO.Compression;ZLibStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Compression;ZLibStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;ZLibStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Compression;ZLibStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9508,10 +9508,9 @@ summary | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | -| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | @@ -9569,9 +9568,9 @@ summary | System.IO.Pipes;PipeStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO.Pipes;PipeStream;false;InitializeHandle;(Microsoft.Win32.SafeHandles.SafePipeHandle,System.Boolean,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.IO.Pipes;PipeStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Pipes;PipeStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO.Pipes;PipeStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Pipes;PipeStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO.Pipes;PipeStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO.Pipes;PipeStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO.Pipes;PipeStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Pipes;PipeStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO.Pipes;PipeStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9598,9 +9597,9 @@ summary | System.IO;BufferedStream;false;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;BufferedStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;BufferedStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;BufferedStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO;BufferedStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;BufferedStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;BufferedStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO;BufferedStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;BufferedStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO;BufferedStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO;BufferedStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9695,10 +9694,9 @@ summary | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;FileStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;FileStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO;FileStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;FileStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;FileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | -| System.IO;FileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO;FileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;FileStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO;FileStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO;FileStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | @@ -9751,9 +9749,9 @@ summary | System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean);;Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;false;MemoryStream;(System.Byte[],System.Int32,System.Int32,System.Boolean,System.Boolean);;Argument[0].Element;Argument[this];taint;manual | | System.IO;MemoryStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;MemoryStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO;MemoryStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;MemoryStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO;MemoryStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;MemoryStream;false;ToArray;();;Argument[this];ReturnValue;taint;manual | | System.IO;MemoryStream;false;TryGetBuffer;(System.ArraySegment);;Argument[this];ReturnValue;taint;df-generated | | System.IO;MemoryStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | @@ -9826,6 +9824,10 @@ summary | System.IO;Stream;false;CopyToAsync;(System.IO.Stream,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;false;FlushAsync;();;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;false;ReadAtLeast;(System.Span,System.Int32,System.Boolean);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;false;ReadAtLeastAsync;(System.Memory,System.Int32,System.Boolean,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | +| System.IO;Stream;false;ReadExactly;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;false;ReadExactly;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;false;Synchronized;(System.IO.Stream);;Argument[0];ReturnValue;taint;df-generated | | System.IO;Stream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO;Stream;true;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[3];Argument[3].Parameter[delegate-self];value;manual | @@ -9836,9 +9838,9 @@ summary | System.IO;Stream;true;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;true;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;true;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;Stream;true;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO;Stream;true;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;true;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;Stream;true;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO;Stream;true;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;true;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO;Stream;true;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO;Stream;true;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -10051,9 +10053,9 @@ summary | System.IO;UnmanagedMemoryStream;false;Initialize;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);;Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;false;Initialize;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64,System.IO.FileAccess);;Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;UnmanagedMemoryStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO;UnmanagedMemoryStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;UnmanagedMemoryStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;UnmanagedMemoryStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO;UnmanagedMemoryStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;UnmanagedMemoryStream;false;UnmanagedMemoryStream;(System.Byte*,System.Int64);;Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;false;UnmanagedMemoryStream;(System.Byte*,System.Int64,System.Int64,System.IO.FileAccess);;Argument[0];Argument[this];taint;df-generated | | System.IO;UnmanagedMemoryStream;false;UnmanagedMemoryStream;(System.Runtime.InteropServices.SafeBuffer,System.Int64,System.Int64);;Argument[0];Argument[this];taint;df-generated | @@ -11991,9 +11993,9 @@ summary | System.Net.Quic;QuicStream;false;BeginWrite;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[3];Argument[3].Parameter[delegate-self];value;manual | | System.Net.Quic;QuicStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Quic;QuicStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.Net.Quic;QuicStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.Net.Quic;QuicStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Quic;QuicStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.Net.Quic;QuicStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.Net.Quic;QuicStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Quic;QuicStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.Net.Quic;QuicStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.Net.Quic;QuicStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -12028,9 +12030,7 @@ summary | System.Net.Security;NegotiateStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Security;NegotiateStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Security;NegotiateStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.Net.Security;NegotiateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.Net.Security;NegotiateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | -| System.Net.Security;NegotiateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.Net.Security;NegotiateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Security;NegotiateStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.Net.Security;NegotiateStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.Net.Security;NegotiateStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | @@ -12063,7 +12063,7 @@ summary | System.Net.Security;SslStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Security;SslStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Security;SslStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.Net.Security;SslStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.Net.Security;SslStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Security;SslStream;false;SslStream;(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Net.Security;SslStream;false;SslStream;(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback);;Argument[2];Argument[2].Parameter[delegate-self];value;hq-generated | | System.Net.Security;SslStream;false;SslStream;(System.IO.Stream,System.Boolean,System.Net.Security.RemoteCertificateValidationCallback,System.Net.Security.LocalCertificateSelectionCallback);;Argument[3];Argument[3].Parameter[delegate-self];value;hq-generated | @@ -12097,11 +12097,9 @@ summary | System.Net.Sockets;NetworkStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Net.Sockets;NetworkStream;false;NetworkStream;(System.Net.Sockets.Socket,System.IO.FileAccess,System.Boolean);;Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;NetworkStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.Net.Sockets;NetworkStream;false;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.Net.Sockets;NetworkStream;false;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | -| System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Net.Sockets;NetworkStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.Net.Sockets;NetworkStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.Net.Sockets;NetworkStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | @@ -14256,7 +14254,7 @@ summary | System.Security.Cryptography;CryptoStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.Security.Cryptography;CryptoStream;false;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | | System.Security.Cryptography;CryptoStream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.Security.Cryptography;CryptoStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.Security.Cryptography;CryptoStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.Security.Cryptography;CryptoStream;false;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.Security.Cryptography;CryptoStream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.Security.Cryptography;CryptoStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected index 50b1a5178cf4..378fe3b3d01d 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummariesFiltered.expected @@ -7470,7 +7470,6 @@ | System.IO.IsolatedStorage;IsolatedStorage;false;get_AssemblyIdentity;();;Argument[this];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorage;false;get_DomainIdentity;();;Argument[this];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.IO.IsolatedStorage;IsolatedStorageFileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO.IsolatedStorage;IsolatedStorageFileStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.IO.MemoryMappedFiles;MemoryMappedFile;false;CreateFromFile;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.String,System.Int64,System.IO.MemoryMappedFiles.MemoryMappedFileAccess,System.IO.HandleInheritability,System.Boolean);;Argument[0];ReturnValue;taint;df-generated | @@ -7618,7 +7617,6 @@ | System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.Boolean);;Argument[0];Argument[this];taint;manual | | System.IO;FileStream;false;FileStream;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare,System.Int32,System.IO.FileOptions);;Argument[0];Argument[this];taint;manual | | System.IO;FileStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.IO;FileStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.IO;FileStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.IO;FileStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.IO;FileStream;false;get_SafeFileHandle;();;Argument[this];ReturnValue;taint;df-generated | @@ -7729,6 +7727,10 @@ | System.IO;Stream;false;CopyToAsync;(System.IO.Stream,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;false;FlushAsync;();;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;false;ReadAsync;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;false;ReadAtLeast;(System.Span,System.Int32,System.Boolean);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;false;ReadAtLeastAsync;(System.Memory,System.Int32,System.Boolean,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | +| System.IO;Stream;false;ReadExactly;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | +| System.IO;Stream;false;ReadExactly;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;false;Synchronized;(System.IO.Stream);;Argument[0];ReturnValue;taint;df-generated | | System.IO;Stream;false;WriteAsync;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO;Stream;true;BeginRead;(System.Byte[],System.Int32,System.Int32,System.AsyncCallback,System.Object);;Argument[3];Argument[3].Parameter[delegate-self];value;manual | @@ -7739,9 +7741,9 @@ | System.IO;Stream;true;CopyToAsync;(System.IO.Stream,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0];taint;manual | | System.IO;Stream;true;FlushAsync;(System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | | System.IO;Stream;true;Read;(System.Byte[],System.Int32,System.Int32);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;Stream;true;Read;(System.Span);;Argument[this];Argument[0];taint;manual | +| System.IO;Stream;true;Read;(System.Span);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;true;ReadAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | -| System.IO;Stream;true;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | +| System.IO;Stream;true;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[this];Argument[0].Element;taint;manual | | System.IO;Stream;true;Write;(System.Byte[],System.Int32,System.Int32);;Argument[0].Element;Argument[this];taint;manual | | System.IO;Stream;true;WriteAsync;(System.Byte[],System.Int32,System.Int32,System.Threading.CancellationToken);;Argument[0].Element;Argument[this];taint;manual | | System.IO;Stream;true;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[this];ReturnValue;taint;df-generated | @@ -9675,8 +9677,6 @@ | System.Net.Security;NegotiateStream;false;BeginAuthenticateAsServer;(System.Net.NetworkCredential,System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy,System.Net.Security.ProtectionLevel,System.Security.Principal.TokenImpersonationLevel,System.AsyncCallback,System.Object);;Argument[4];Argument[4].Parameter[delegate-self];value;hq-generated | | System.Net.Security;NegotiateStream;false;BeginAuthenticateAsServer;(System.Security.Authentication.ExtendedProtection.ExtendedProtectionPolicy,System.AsyncCallback,System.Object);;Argument[1];Argument[1].Parameter[delegate-self];value;hq-generated | | System.Net.Security;NegotiateStream;false;FlushAsync;(System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.Net.Security;NegotiateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.Net.Security;NegotiateStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.Net.Security;NegotiateStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | | System.Net.Security;NegotiateStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.Net.Security;NegotiateStream;false;get_RemoteIdentity;();;Argument[this];ReturnValue;taint;df-generated | @@ -9723,8 +9723,6 @@ | System.Net.Sockets;MulticastOption;false;set_Group;(System.Net.IPAddress);;Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;MulticastOption;false;set_LocalAddress;(System.Net.IPAddress);;Argument[0];Argument[this];taint;df-generated | | System.Net.Sockets;NetworkStream;false;NetworkStream;(System.Net.Sockets.Socket,System.IO.FileAccess,System.Boolean);;Argument[0];Argument[this];taint;df-generated | -| System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[0];ReturnValue;taint;df-generated | -| System.Net.Sockets;NetworkStream;false;ReadAsync;(System.Memory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.Net.Sockets;NetworkStream;false;WriteAsync;(System.ReadOnlyMemory,System.Threading.CancellationToken);;Argument[1];ReturnValue;taint;df-generated | | System.Net.Sockets;NetworkStream;false;get_Socket;();;Argument[this];ReturnValue;taint;df-generated | | System.Net.Sockets;SafeSocketHandle;false;SafeSocketHandle;(System.IntPtr,System.Boolean);;Argument[0];Argument[this];taint;df-generated | From 46a9bb9804023bb2f66a68a2ef944de27ad9cbf8 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Wed, 13 Mar 2024 22:42:56 -0400 Subject: [PATCH 12/15] Change note --- csharp/ql/lib/change-notes/2024-03-13-system.io-models.md | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 csharp/ql/lib/change-notes/2024-03-13-system.io-models.md diff --git a/csharp/ql/lib/change-notes/2024-03-13-system.io-models.md b/csharp/ql/lib/change-notes/2024-03-13-system.io-models.md new file mode 100644 index 000000000000..84db6a663aea --- /dev/null +++ b/csharp/ql/lib/change-notes/2024-03-13-system.io-models.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Additional models have been added for `System.IO`. These are primarily source models with the `file` threat model, and summaries related to reading from a file or stream. From e2c2d574f859ab462dd7a264efb648cc5535f207 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Thu, 14 Mar 2024 12:55:20 -0400 Subject: [PATCH 13/15] Add `FileInfo::OpenText` --- csharp/ql/lib/ext/System.IO.model.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/csharp/ql/lib/ext/System.IO.model.yml b/csharp/ql/lib/ext/System.IO.model.yml index 2b23698fd210..d78fb8e1e2d9 100644 --- a/csharp/ql/lib/ext/System.IO.model.yml +++ b/csharp/ql/lib/ext/System.IO.model.yml @@ -25,6 +25,7 @@ extensions: - ["System.IO", "FileInfo", False, "Open", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileInfo", False, "Open", "", "", "ReturnValue", "file", "manual"] - ["System.IO", "FileInfo", False, "OpenRead", "", "", "ReturnValue", "file", "manual"] + - ["System.IO", "FileInfo", False, "OpenText", "", "", "ReturnValue", "file", "manual"] - ["System.IO", "FileInfo", False, "OpenWrite", "", "", "ReturnValue", "file-write", "manual"] - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file", "manual"] - ["System.IO", "FileStream", False, "FileStream", "", "", "Argument[this]", "file-write", "manual"] From 3e3eceea5f5f3a62ed2dfe1b561a9eeb6ed2cdf7 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Thu, 14 Mar 2024 12:55:54 -0400 Subject: [PATCH 14/15] Typo --- .../library-tests/dataflow/flowsources/stored/file/Files.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs index 168a7086f8d7..37e9f2ed8f1f 100644 --- a/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs +++ b/csharp/ql/test/library-tests/dataflow/flowsources/stored/file/Files.cs @@ -30,7 +30,7 @@ public static void ReadLines(string path) } } - public static void BuuferedRead(string path) + public static void BufferedRead(string path) { using (FileStream fs = new FileStream(path, FileMode.Open)) { From c7a746e3dcb9ff433c36064b60f40f8ec98bf156 Mon Sep 17 00:00:00 2001 From: Ed Minnix Date: Thu, 21 Mar 2024 13:15:45 -0400 Subject: [PATCH 15/15] Flow summary tests --- .../dataflow/library/FlowSummaries.expected | 26 +++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected index 055b9bba9523..019e3572798d 100644 --- a/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected +++ b/csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected @@ -17,17 +17,43 @@ source | System.IO;File;false;Create;(System.String,System.Int32,System.IO.FileOptions);;ReturnValue;file-write;manual | | System.IO;File;false;CreateText;(System.String);;ReturnValue;file-write;manual | | System.IO;File;false;Open;(System.String,System.IO.FileMode);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileMode);;ReturnValue;file;manual | | System.IO;File;false;Open;(System.String,System.IO.FileMode,System.IO.FileAccess);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileMode,System.IO.FileAccess);;ReturnValue;file;manual | | System.IO;File;false;Open;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;ReturnValue;file;manual | | System.IO;File;false;Open;(System.String,System.IO.FileStreamOptions);;ReturnValue;file-write;manual | +| System.IO;File;false;Open;(System.String,System.IO.FileStreamOptions);;ReturnValue;file;manual | +| System.IO;File;false;OpenRead;(System.String);;ReturnValue;file;manual | +| System.IO;File;false;OpenText;(System.String);;ReturnValue;file;manual | | System.IO;File;false;OpenWrite;(System.String);;ReturnValue;file-write;manual | +| System.IO;File;false;ReadAllBytes;(System.String);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllBytesAsync;(System.String,System.Threading.CancellationToken);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllLines;(System.String);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllLines;(System.String,System.Text.Encoding);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllLinesAsync;(System.String,System.Text.Encoding,System.Threading.CancellationToken);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllLinesAsync;(System.String,System.Threading.CancellationToken);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllText;(System.String);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllText;(System.String,System.Text.Encoding);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllTextAsync;(System.String,System.Text.Encoding,System.Threading.CancellationToken);;ReturnValue;file;manual | +| System.IO;File;false;ReadAllTextAsync;(System.String,System.Threading.CancellationToken);;ReturnValue;file;manual | +| System.IO;File;false;ReadLines;(System.String);;ReturnValue;file;manual | +| System.IO;File;false;ReadLines;(System.String,System.Text.Encoding);;ReturnValue;file;manual | +| System.IO;File;false;ReadLinesAsync;(System.String,System.Text.Encoding,System.Threading.CancellationToken);;ReturnValue;file;manual | +| System.IO;File;false;ReadLinesAsync;(System.String,System.Threading.CancellationToken);;ReturnValue;file;manual | | System.IO;FileInfo;false;AppendText;();;ReturnValue;file-write;manual | | System.IO;FileInfo;false;Create;();;ReturnValue;file-write;manual | | System.IO;FileInfo;false;CreateText;();;ReturnValue;file-write;manual | | System.IO;FileInfo;false;Open;(System.IO.FileMode);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileMode);;ReturnValue;file;manual | | System.IO;FileInfo;false;Open;(System.IO.FileMode,System.IO.FileAccess);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileMode,System.IO.FileAccess);;ReturnValue;file;manual | | System.IO;FileInfo;false;Open;(System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileMode,System.IO.FileAccess,System.IO.FileShare);;ReturnValue;file;manual | | System.IO;FileInfo;false;Open;(System.IO.FileStreamOptions);;ReturnValue;file-write;manual | +| System.IO;FileInfo;false;Open;(System.IO.FileStreamOptions);;ReturnValue;file;manual | +| System.IO;FileInfo;false;OpenRead;();;ReturnValue;file;manual | +| System.IO;FileInfo;false;OpenText;();;ReturnValue;file;manual | | System.IO;FileInfo;false;OpenWrite;();;ReturnValue;file-write;manual | | System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess);;Argument[this];file-write;manual | | System.IO;FileStream;false;FileStream;(Microsoft.Win32.SafeHandles.SafeFileHandle,System.IO.FileAccess);;Argument[this];file;manual |