C#: Take more sources and sinks into account when reporting in the te…

…lemetry queries.

csharp/ql/lib/semmle/code/csharp/security/cryptography/EncryptionKeyDataFlowQuery.qll

@@ -3,6 +3,7 @@
  */
 
 import csharp
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import semmle.code.csharp.frameworks.system.security.cryptography.SymmetricAlgorithm
 
 /** Abstract class for all sources of keys */
@@ -11,7 +12,7 @@ abstract class KeySource extends DataFlow::Node { }
 /**
  * A symmetric encryption sink is abstract base class for all ways to set a key for symmetric encryption.
  */
-abstract class SymmetricEncryptionKeySink extends DataFlow::Node {
+abstract class SymmetricEncryptionKeySink extends DataFlow::Node, SinkNode {
   /** override to create a meaningful description of the sink */
   abstract string getDescription();
 }

csharp/ql/lib/semmle/code/csharp/security/cryptography/HardcodedSymmetricEncryptionKey.qll

@@ -5,6 +5,7 @@
 
 import csharp
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 
 module HardcodedSymmetricEncryptionKey {
   private import semmle.code.csharp.frameworks.system.security.cryptography.SymmetricAlgorithm
@@ -13,7 +14,7 @@ module HardcodedSymmetricEncryptionKey {
   abstract class Source extends DataFlow::Node { }
 
   /** A data flow sink for hard-coded symmetric encryption keys. */
-  abstract class Sink extends DataFlow::ExprNode {
+  abstract class Sink extends DataFlow::ExprNode, SinkNode {
     /** Gets a description of this sink. */
     abstract string getDescription();
   }

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/FlowSinks.qll

@@ -0,0 +1,9 @@
+private import semmle.code.csharp.dataflow.internal.ExternalFlow
+private import Remote
+private import semmle.code.csharp.security.cryptography.EncryptionKeyDataFlowQuery
+private import semmle.code.csharp.security.cryptography.HardcodedSymmetricEncryptionKey
+
+/**
+ * A data flow sink.
+ */
+abstract class SinkNode extends DataFlow::Node { }

csharp/ql/lib/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll

@@ -5,12 +5,13 @@
 import csharp
 private import Email::Email
 private import ExternalLocationSink
+private import FlowSinks
 private import Html
 private import semmle.code.csharp.security.dataflow.XSSSinks as XssSinks
 private import semmle.code.csharp.frameworks.system.web.UI
 
 /** A data flow sink of remote user output. */
-abstract class RemoteFlowSink extends DataFlow::Node { }
+abstract class RemoteFlowSink extends SinkNode { }
 
 /**
  * A value written to the `[Inner]Text` property of an object defined in the

csharp/ql/src/Telemetry/ExternalApi.qll

@@ -8,7 +8,8 @@ private import semmle.code.csharp.dataflow.internal.DataFlowDispatch as DataFlow
 private import semmle.code.csharp.dataflow.internal.ExternalFlow
 private import semmle.code.csharp.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
 private import semmle.code.csharp.dataflow.internal.TaintTrackingPrivate
-private import semmle.code.csharp.security.dataflow.flowsources.Remote
+private import semmle.code.csharp.security.dataflow.flowsources.FlowSources
+private import semmle.code.csharp.security.dataflow.flowsinks.FlowSinks
 private import TestLibrary
 
 /** Holds if the given callable is not worth supporting. */
@@ -80,12 +81,12 @@ class ExternalApi extends Callable {
   /** Holds if this API is a known source. */
   pragma[nomagic]
   predicate isSource() {
-    this.getAnOutput() instanceof RemoteFlowSource or sourceNode(this.getAnOutput(), _)
+    this.getAnOutput() instanceof SourceNode or sourceNode(this.getAnOutput(), _)
   }
 
   /** Holds if this API is a known sink. */
   pragma[nomagic]
-  predicate isSink() { sinkNode(this.getAnInput(), _) }
+  predicate isSink() { this.getAnInput() instanceof SinkNode or sinkNode(this.getAnInput(), _) }
 
   /** Holds if this API is a known neutral. */
   pragma[nomagic]