feedback from code review

Author: mr-sherman

csharp/ql/src/semmle/code/csharp/frameworks/ServiceStack.qll

@@ -83,14 +83,19 @@ module Sources {
 
 /** Flow Sinks for the ServiceStack framework */
 module Sinks {
-  private import semmle.code.csharp.security.dataflow.flowsinks.Remote
+  private import semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink
 
   /** RemoteFlow sinks for service stack */
-  class ServiceStackRemoteRequestParameter extends RemoteFlowSink {
+  class ServiceStackRemoteRequestParameter extends ExternalLocationSink {
     ServiceStackRemoteRequestParameter() {
       exists(MethodCall mc |
-        mc.getTarget().hasQualifiedName("ServiceStack.IRestClient.Get") and
-        mc.getArgument(0) = this.asExpr()
+        mc.getTarget().getQualifiedName() in [
+            "ServiceStack.IRestClient.Get", "ServiceStack.IRestClient.Put",
+            "ServiceStack.IRestClient.Post", "ServiceStack.IRestClient.Delete",
+            "ServiceStack.IRestClient.Post", "ServiceStack.IRestClient.Put",
+            "ServiceStack.IRestClient.Patch", "ServiceStack.IRestClient.Send"
+          ] and
+        this.asExpr() = mc.getAnArgument()
       )
     }
   }

csharp/ql/src/semmle/code/csharp/security/dataflow/flowsinks/ExternalLocationSink.qll

@@ -6,7 +6,7 @@ import csharp
 private import Remote
 private import semmle.code.csharp.commons.Loggers
 private import semmle.code.csharp.frameworks.system.Web
-
+private import semmle.code.csharp.frameworks.ServiceStack::Sinks
 /**
  * An external location sink.
  *

csharp/ql/src/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll

@@ -8,7 +8,7 @@ private import ExternalLocationSink
 private import Html
 private import semmle.code.csharp.security.dataflow.XSS
 private import semmle.code.csharp.frameworks.system.web.UI
-import semmle.code.csharp.frameworks.ServiceStack::Sinks
+private import semmle.code.csharp.frameworks.ServiceStack::Sinks
 
 /** A data flow sink of remote user output. */
 abstract class RemoteFlowSink extends DataFlow::Node { }