From 972cd2b21a008b56656e396a06d0b9158b284f40 Mon Sep 17 00:00:00 2001
From: Tom Hvitved <hvitved@github.com>
Date: Mon, 2 Dec 2024 13:45:51 +0100
Subject: [PATCH] C#: Restrict
 `cs/thread-unsafe-icryptotransform-field-in-class` to source fields

---
 csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql | 1 +
 1 file changed, 1 insertion(+)

diff --git a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql
index e64d714f8bb1..f1487d7a2cee 100644
--- a/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql	
+++ b/csharp/ql/src/Likely Bugs/ThreadUnsafeICryptoTransform.ql	
@@ -52,6 +52,7 @@ class ICryptoTransform extends ValueOrRefType {
 }
 
 from UnsafeField field
+where field.fromSource()
 select field,
   "Static field '" + field.getName() +
     "' contains a 'System.Security.Cryptography.ICryptoTransform' that could be used in an unsafe way."