Add tests

Author: egregius313

csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.expected

@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/threat-models
+      extensible: threatModelConfiguration
+    data:
+      - ["database", true, 0]

csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ext.yml

@@ -0,0 +1,12 @@
+import csharp
+import semmle.code.csharp.security.dataflow.flowsources.FlowSources
+import TestUtilities.InlineFlowTest
+import TaintFlowTest<DatabseConfig>
+
+module DatabseConfig implements DataFlow::ConfigSig {
+  predicate isSource(DataFlow::Node source) { source instanceof ThreatModelFlowSource }
+
+  predicate isSink(DataFlow::Node sink) {
+    exists(MethodCall mc | mc.getTarget().hasName("Sink") | sink.asExpr() = mc.getArgument(0))
+  }
+}

csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/DatabaseSources.ql

@@ -0,0 +1,50 @@
+using System;
+using System.Data;
+using System.Data.Entity;
+using System.Data.SqlClient;
+using System.Threading.Tasks;
+using Dapper;
+
+namespace Test
+{
+    class UseDapper
+    {
+        public static void Bad01(string connectionString, string query)
+        {
+            using (var connection = new SqlConnection(connectionString))
+            {
+                var result = connection.Query<object>(query);
+                Sink(result); // $ hasTaintFlow=line:16
+            }
+        }
+
+        public static async Task Bad02(string connectionString, string query)
+        {
+            using (var connection = new SqlConnection(connectionString))
+            {
+                var result = await connection.QueryAsync<object>(query);
+                Sink(result); // $ hasTaintFlow=line:25
+            }
+        }
+
+        public static void Bad03(string connectionString, string query)
+        {
+            using (var connection = new SqlConnection(connectionString))
+            {
+                var result = connection.QueryFirst(query);
+                Sink(result); // $ hasTaintFlow=line:34
+            }
+        }
+
+        public static void Bad04(string connectionString, string query)
+        {
+            using (var connection = new SqlConnection(connectionString))
+            {
+                var results = connection.Query<object>(query).AsList();
+                Sink(results); // $ hasTaintFlow=line:43
+            }
+        }
+
+        public static void Sink(object o) { }
+    }
+}

csharp/ql/test/library-tests/dataflow/flowsources/stored/database/dapper/UseDapper.cs

@@ -0,0 +1,5 @@
+semmle-extractor-options: /nostdlib /noconfig
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/Dapper/2.1.24/Dapper.csproj
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/System.Data.SqlClient/4.8.5/System.Data.SqlClient.csproj
+semmle-extractor-options: --load-sources-from-project:${testdir}/../../../../../../resources/stubs/System.Data.SQLite/1.0.118/System.Data.SQLite.csproj
+semmle-extractor-options: ${testdir}/../../../../../../resources/stubs/System.Windows.cs