Minor fixes to XSS:

Only want returns in request methods
Also care about non-string 1st args to HttpResult e.g. streams

Author: johnlugton

csharp/ql/src/semmle/code/csharp/frameworks/ServiceStack.qll

@@ -127,17 +127,12 @@ module XSS {
 
     class XssExpr extends Expr {
         XssExpr() {
-            exists(ReturnStmt r |
-                (
-                    r.getExpr().getType() instanceof StringType
-                )
-                |
-                this = r.getExpr()
+            exists(ServiceClass service, ReturnStmt r |
+                this = r.getExpr() and
+                r.getEnclosingCallable() = service.getARequestMethod()
             ) or 
             exists(ObjectCreation oc |
-                oc.getType().hasName("HttpResult") and
-                oc.getAnArgument().getType() instanceof StringType
-                |
+                oc.getType().hasQualifiedName("ServiceStack.HttpResult") and
                 this = oc.getArgument(0)
             )
         }