Added IRestClientAsync methods to external location sink. Removed import from

mr-sherman · mr-sherman · commit bf2d7b3a1617 · 2021-03-29T14:37:51.000-04:00
Remote.qll, as it is un-necessary now.
diff --git a/csharp/ql/src/semmle/code/csharp/frameworks/ServiceStack.qll b/csharp/ql/src/semmle/code/csharp/frameworks/ServiceStack.qll
@@ -91,9 +91,11 @@ module Sinks {
       exists(MethodCall mc |
         mc.getTarget().getQualifiedName() in [
             "ServiceStack.IRestClient.Get", "ServiceStack.IRestClient.Put",
-            "ServiceStack.IRestClient.Post", "ServiceStack.IRestClient.Delete",
-            "ServiceStack.IRestClient.Post", "ServiceStack.IRestClient.Put",
-            "ServiceStack.IRestClient.Patch", "ServiceStack.IRestClient.Send"
+            "ServiceStack.IRestClient.Post", "ServiceStack.IRestClient.Delete", 
+            "ServiceStack.IRestClient.Patch", "ServiceStack.IRestClient.Send",
+            "ServiceStack.IRestClientAsync.GetAsync","ServiceStack.IRestClientAsync.DeleteAsync",
+            "ServiceStack.IRestClientAsync.PutAsync","ServiceStack.IRestClientAsync.PostAsync",
+            "ServiceStack.IRestClientAsync.PatchAsync","ServiceStack.IRestClientAsync.CustomMethodAsync"
           ] and
         this.asExpr() = mc.getAnArgument()
       )
diff --git a/csharp/ql/src/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll b/csharp/ql/src/semmle/code/csharp/security/dataflow/flowsinks/Remote.qll
@@ -8,7 +8,6 @@ private import ExternalLocationSink
 private import Html
 private import semmle.code.csharp.security.dataflow.XSS
 private import semmle.code.csharp.frameworks.system.web.UI
-private import semmle.code.csharp.frameworks.ServiceStack::Sinks
 
 /** A data flow sink of remote user output. */
 abstract class RemoteFlowSink extends DataFlow::Node { }
