C#: Add missing severity and update expected test output

hvitved · hvitved · commit e3afcb1b0657 · 2022-01-24T20:00:25.000+01:00
diff --git a/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql b/csharp/ql/src/experimental/Security Features/CWE-759/HashWithoutSalt.ql
@@ -2,6 +2,7 @@
  * @name Use of a hash function without a salt
  * @description Hashed passwords without a salt are vulnerable to dictionary attacks.
  * @kind path-problem
+ * @problem.severity error
  * @id cs/hash-without-salt
  * @tags security
  *       external/cwe-759
diff --git a/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected b/csharp/ql/test/experimental/Security Features/CWE-759/HashWithoutSalt.expected
@@ -13,6 +13,7 @@ nodes
 | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] |
 | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | semmle.label | access to parameter password : String |
 | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | semmle.label | access to local variable passBytes |
+subpaths
 #select
 | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password |
 | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password |
